[182535] in North American Network Operators' Group
Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Mon Jul 20 17:49:46 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <6C4BAFEF-04BF-4B0A-A095-E47C76986643@gt86car.org.uk>
Date: Mon, 20 Jul 2015 17:41:24 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Colin Johnston <colinj@gt86car.org.uk>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Mon, Jul 20, 2015 at 3:18 PM, Colin Johnston <colinj@gt86car.org.uk> wrote:
> in war you take information at face value and use it if needed to mitigate risk, if there is legit traffic in blocked ranges then excemption procedure in place to unblock.
>
it's not clear how blocking any list of addresse stops the 20-30gbps
of packets from arriving at your doorstep, but if you feel you're
doing the right thing for your network, I can only echo the words of
another: "I encourage my competitors to do this"
> colin
>
> Sent from my iPhone
>
>> On 20 Jul 2015, at 19:57, Valdis.Kletnieks@vt.edu wrote:
>>
>> On Mon, 20 Jul 2015 19:42:39 +0100, Colin Johnston said:
>>> see below for china ranges I believe, ipv4 and ipv6
>>
>> You may believe... but are you *sure*? (Over the years, we've seen
>> *lots* of "block China" lists that accidentally block chunks allocated
>> to Taiwan or Australia or other Pacific Rim destinations).
>>
>> And remember - asking the NIC doesn't help, because there are almost
>> certainly blocks allocated that the registration points to Korea or
>> someplace, but the provider routes a sub-block to China. And let's
>> not even get started on blocks allocated by ARIN or RIPE....
>>
>> (Yes, it *was* a trick question :)
>>
