[186614] in North American Network Operators' Group
Re: de-peering for security sake
daemon@ATHENA.MIT.EDU (Colin Johnston)
Fri Dec 25 15:10:48 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <CAPkb-7BdST2pbcrDEeSRmj29oLwP_0w+m8-ya7Ztk1PB071u+w@mail.gmail.com>
From: Colin Johnston <colinj@gt86car.org.uk>
Date: Fri, 25 Dec 2015 20:10:38 +0000
To: Baldur Norddahl <baldur.norddahl@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
why do the chinese network folks never reply and action abuse reports, norma=
l slow speed network abuse is tolerated, but not high speed deliberate abuse=
albeit compromised machines
Sent from my iPhone
> On 25 Dec 2015, at 19:43, Baldur Norddahl <baldur.norddahl@gmail.com> wrot=
e:
>=20
>> On 25 December 2015 at 20:06, Lee <ler762@gmail.com> wrote:
>>=20
>> Enable IPv6 for your users. 1) it's not going to have any "history" &
>> 2) ipv6 probably isn't blocked.
>>=20
>=20
> I am not aware of just one single government site in this country (Denmark=
)
> that is IPv6 enabled. There are zero danish news sites that are IPv6
> enabled. In fact, nothing here is IPv6 enabled - with the exception of all=
> major ISP sites. For some strange reason all ISPs have IPv6 on their
> websites (but they do not provide IPv6 to their customers). It is sad
> really.
>=20
>=20
>>=20
>>> So now my users can not access government sites because the IP ranges
>> were
>>> owned by a company in a different country two years ago.
>>=20
>> Find one of your users that's a citizen of said gov't & forward their
>> complaint to the gov't sites. Non-citizen complaints are much easier
>> to ignore..
>>=20
>=20
> I am a citizen and yes, they do ignore us. If you can manage to find the
> right guy, he can probably fix it in a few minutes. It is just that there
> is no way to get to that guy. The front desk has no clue what you are
> talking about. To these people we should just stop sending traffic from
> Romania and it would all be fixed, no?
>=20
> To make it worse it is a really boring game of whack a mole. The users are=
> constantly finding new sites that are either blocking us or are showing th=
e
> site in the wrong language. Each time we open up a new IP series, it all
> starts over again. We do not have enough cash on hand to simply buy a real=
> large chunk of IPv4, so we have multiple smaller blocks.
>=20
> With regards to this thread, I am finding a worrying trend for websites to=
> block out of country IP-addresses at the firewall. In the past you could
> expect that some content would not play or that your credit card payment
> would be blocked. But now you never get to that stage because sites are
> dropping the packets at the firewall.
>=20
> Regards,
>=20
> Baldur
