[186636] in North American Network Operators' Group
Re: de-peering for security sake
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sat Dec 26 15:29:23 2015
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <278703070.5666.1451139598778.JavaMail.mhammett@ThunderFuck>
Date: Sat, 26 Dec 2015 12:28:07 -0800
To: Mike Hammett <nanog@ics-il.net>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
I think as granular as practicable. In some cases, that will be a /32 or =
/128. In some cases, that will be a /24 or /64.
In some cases, it may be an entire ASN.
Each network will need to decide for themselves based on the constraints =
of the time they have to address the issue, the level of automation for =
addressing these things, memory in their routing platform(s), etc.
There is no one-size-fits all answer.
Owen
> On Dec 26, 2015, at 06:19 , Mike Hammett <nanog@ics-il.net> wrote:
>=20
> How much is an acceptable standard to the community? Individual /32s ( =
or /64s)? Some tipping point where 50% of a /24 (or whatever it's IPv6 =
equivalent would be) has made your naughty list that you block the whole =
prefix?=20
>=20
>=20
>=20
>=20
> -----=20
> Mike Hammett=20
> Intelligent Computing Solutions=20
> http://www.ics-il.com=20
>=20
>=20
>=20
> Midwest Internet Exchange=20
> http://www.midwest-ix.com=20
>=20
>=20
> ----- Original Message -----
>=20
> From: "Owen DeLong" <owen@delong.com>=20
> To: "Dan Hollis" <goemon@anime.net>=20
> Cc: "Mike Hammett" <nanog@ics-il.net>, "NANOG" <nanog@nanog.org>=20
> Sent: Saturday, December 26, 2015 1:00:35 AM=20
> Subject: Re: de-peering for security sake=20
>=20
>=20
>> On Dec 25, 2015, at 22:16 , Dan Hollis <goemon@anime.net> wrote:=20
>>=20
>> On Fri, 25 Dec 2015, Owen DeLong wrote:=20
>>> Merely because people are asleep at the switch does not give those =
of us in a position to understand the consequences license to abuse our =
position.=20
>>=20
>> At what point do you cut the wire? How abusive is acceptable?=20
>=20
> IMHO, you never cut the wire. You may filter selectively, but cutting =
the wire comes with far more collateral damage than actual useful =
effect.=20
>=20
> Owen=20
>=20
