[53214] in North American Network Operators' Group


Re: Blackholing APNIC Routes (or a subset of)

daemon@ATHENA.MIT.EDU (Joe Abley)
Tue Nov 5 15:52:58 2002

Date: Tue, 5 Nov 2002 15:52:19 -0500
Cc: <nanog@merit.edu>
To: <ekgermann@cctec.com>
From: Joe Abley <jabley@isc.org>
In-Reply-To: <NDBBJJPLIGJGLBKILFIHKEEGIDAA.ekgermann@cctec.com>
Errors-To: owner-nanog-outgoing@merit.edu



On Tuesday, Nov 5, 2002, at 15:22 Canada/Eastern, Eric Germann wrote:

> Anyone want to admit privately (I'll summarize to the list) if they actively
> filter certain partitions of APNIC space?
>
> We did a little experiment the past couple of days and saw at 85% of our
> port 13[5-9] scans, Code Red/Nimda/formmail attempts, etc. go out the door
> by blackholing those networks in .cn and .kr.
>
> Thoughts?  Is it a valid thesis?  I've seen the discussions for spam
> mitigation, etc via DNS, but this is actually null routing all their
> traffic.

Speaking as someone who used to operate networks in New Zealand, please 
take care not to blame the whole region for troublesome traffic 
originating from one or two countries. There is nothing people in NZ 
can do about network abuse in China or Korea.

Subject lines that read "Blackholing APNIC Routes" are best avoided, in 
my opinion, lest they give people ideas. In other news, despite what 
several large network operators might think, 202/7 is not "CHINANET" :)


Joe

