[179520] in North American Network Operators' Group
Re: Trusted Networks Initiative: DDoS fallback set of AS'es
daemon@ATHENA.MIT.EDU (joel jaeggli)
Thu Apr 16 16:42:13 2015
X-Original-To: nanog@nanog.org
To: Valdis.Kletnieks@vt.edu, Job Snijders <job@instituut.net>
From: joel jaeggli <joelja@bogus.com>
Date: Thu, 16 Apr 2015 13:42:03 -0700
in-reply-to: <19328.1429216247@turing-police.cc.vt.edu>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--N2CSMaFBP5cgNJKCvk1UILuF4rLhMtFWF
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On 4/16/15 1:30 PM, Valdis.Kletnieks@vt.edu wrote:
> On Thu, 16 Apr 2015 22:13:56 +0200, Job Snijders said:
>=20
>> If you don't want packets from 1312 don't announce to them?
>=20
> I'm probably at least 4-5 AS's away, and you're probably routed to us
> through Cogent or similar large transit. Feel free to not announce you=
r
> routes to Cogent because you don't want packets from my AS...
>=20
> (For whatever value of "Cogent" you have for your upstream)
bearing in mind that transit providers rarely give you communities to
influence their customers, just peers. There is an illusion of control
that provider no export communities provide that always requires
confirmation when applied. if 1312 buys the full internet cone they can
also install a default. so they can send you packets even if they in
fact do not have your route.
my assumption is there is more default out there then generally assumed
and work to replicate the findings in
http://www.eecs.qmul.ac.uk/~steve/papers/imc099-bush.pdf
would probably find the same thing.
--N2CSMaFBP5cgNJKCvk1UILuF4rLhMtFWF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAlUwHpsACgkQ8AA1q7Z/VrLk/gCfVxPMx6yA9pp/XuVUyZCneYcG
JFQAoIMpDSXBkpbgYBB/oMHb+0myi5wJ
=bUm3
-----END PGP SIGNATURE-----
--N2CSMaFBP5cgNJKCvk1UILuF4rLhMtFWF--
