[182547] in North American Network Operators' Group
Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Jul 21 07:16:57 2015
X-Original-To: nanog@nanog.org
Date: Tue, 21 Jul 2015 07:16:53 -0400
From: Jared Mauch <jared@puck.Nether.net>
To: Colin Johnston <colinj@gt86car.org.uk>
In-Reply-To: <0D2A44A8-72F3-45FD-8210-B2DDA5B47890@gt86car.org.uk>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
I'm reminded of the "the russians are hacking our water system"
stories from a few years back, when it turned out the water system
administrator was on vacation in russia.

often traffic comes from unexpected locations. perhaps you
should fail-closed with good business practices to open things up.
perhaps you fail-open then mitigate risk by using a blocklist.

my suggestion is that if you didn't live through the days
of the bogon lists, which were later allocated to RIRs, a block
list is likely not the right approach if you are truly working on
security posture.

- Jared

On Mon, Jul 20, 2015 at 09:50:44PM +0100, Colin Johnston wrote:
> blocking to mitigate risk is a better trade off gaining better percentage legit traffic against an inadvertent minor valid good network range.
>
>
> Sent from my iPhone
>
> > On 20 Jul 2015, at 21:20, Valdis.Kletnieks@vt.edu wrote:
> >
> > On Mon, 20 Jul 2015 21:12:33 +0100, Colin Johnston said:
> >> source user to use phone contact and or postal service to establish contact
> >
> > And your phone and postal addresses are listed *where* that Joe Aussie-Sixpack
> > is likely to be able to find?
> >
> > (Hint 1: If it's on your website, they can't find it.)
> >
> > (Hint 2: Mortal users have never heard of WHOIS or similar services)
> >
> > And what are the chances that after 3-4 days of unreachable, the user will
> > simply conclude you've gone out of business and you've lost a customer/reader
> > to a competitor?
--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.