[186653] in North American Network Operators' Group
Re: de-peering for security sake
daemon@ATHENA.MIT.EDU (Colin Johnston)
Sun Dec 27 02:13:03 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <20151227063220.GG7584@slab-wks-04.int.slabnet.com>
From: Colin Johnston <colinj@gt86car.org.uk>
Date: Sun, 27 Dec 2015 07:12:48 +0000
To: Hugo Slabbert <hugo@slabnet.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
interesting:)
but useful to make a attempt at cleaning up traffic from china and russia
colin
Sent from my iPhone
> On 27 Dec 2015, at 06:32, Hugo Slabbert <hugo@slabnet.com> wrote:
>=20
>> On Fri 2015-Dec-25 08:55:24 +0530, Suresh Ramasubramanian <ops.lists@gmai=
l.com> wrote:
>>=20
>> Hmm, has anyone at all kept count of the number of times such a discussio=
n has started up in just the last year...
>=20
> Not on an ongoing basis, but I was curious as well, so a quick mailbox sea=
rch for 2015:
>=20
> http://mailman.nanog.org/pipermail/nanog/2015-January/072841.html
> subject: Facebook outage?
> author: Colin Johnston <colinj@gt86car.org.uk>
>=20
> http://mailman.nanog.org/pipermail/nanog/2015-February/073556.html
> subject: AOL Postmaster
> author: Colin Johnston <colinj@gt86car.org.uk>
>=20
> http://mailman.nanog.org/pipermail/nanog/2015-March/074251.html
> http://mailman.nanog.org/pipermail/nanog/2015-March/074241.html
> subject: Getting hit hard by CHINANET
> author: Colin Johnston <colinj@gt86car.org.uk>
>=20
> http://mailman.nanog.org/pipermail/nanog/2015-April/074432.html
> subject: BGP offloading (fixing legacy router BGP scalability issues)
> author: Colin Johnston <colinj@gt86car.org.uk>
>=20
> http://mailman.nanog.org/pipermail/nanog/2015-July/077790.html
> subject: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last=
24 hours
> author: Colin Johnston <colinj@gt86car.org.uk>
>=20
> http://mailman.nanog.org/pipermail/nanog/2015-December/083104.html
> subject: de-peering for security sake
> author: Colin Johnston <colinj@gt86car.org.uk>
>=20
> I tried to be pretty wide in the search and filter through a decent chunk o=
f false positives manually, though of course I could have missed some. It d=
oes skip a few of the "all of their traffic is crap and abuse reports are ig=
nored" messages that don't *explicitly* call for wholesale country-level blo=
cks or de-peering.
>=20
>> ...and how many more times in the past 16 or so years?
>=20
> I was curious, but not masochistic ;)
>=20
> --=20
> Hugo
>=20
> hugo@slabnet.com: email, xmpp/jabber
> PGP fingerprint (B178313E):
> CF18 15FA 9FE4 0CD1 2319 1D77 9AB1 0FFD B178 313E
>=20
> (also on textsecure & redphone)
>=20
>=20
>>=20
>> Mind you, back in say 2004, this discussion would have run to 50 or 60 em=
ails at a bare minimum, in no time at all.
>>=20
>> --srs
>>=20
>> On 25-Dec-2015, at 6:55 AM, Stephen Satchell <list@satchell.net> wrote:
>>=20
>>>> On 12/24/2015 04:50 PM, Daniel Corbe wrote:
>>>> Let=E2=80=99s just cut off the entirety of the third world instead of h=
aving
>>>> a tangible mitigation plan in place.
>>>=20
>>> While you thing you are making a snarky response, it would be handy for e=
nd users to be able to turn on and off access to other countries retail.
