nanog mailing list archives
Re: Atrivo/Intercage: Now Only 1 Upstream
From: "Christopher Morrow" <christopher.morrow () gmail com>
Date: Wed, 17 Sep 2008 14:48:32 -0400
On Wed, Sep 17, 2008 at 1:34 PM, Lamar Owen <lowen () pari edu> wrote:
The point made by Christopher Morrow is well taken:There's the additional issue of allowing a third party to manage/traffic-engineer inside your network which might upset some operations folks. If you can build a list on your own in a reasonable fashion with supporting information and high confidence level that's one story, if this list comes from "someone else" whom you don't even have a billing-relationship with... it's hard to sell that when something bad happens. Certainly not everyone feels this way (see 'popularity' of the existing RBL/xbl lists) but in a larger network, or one that makes money ...Folks who use a DNSBL are already letting people in their network, in the e-mail sense at least (and some firewall interfaces to these lists). Those same people would likely not have a problem with a wish-they-were-bogons list.
dropping email or port scans to known-vulnerable ports is very different from dropping all traffic from an ip/asn ... There have been cases of large content folks (MS comes to mind) being infected with badness, dropping that for a time is going to hurt more than dropping email from it only.
For infrastructure notes, see Team Cymru's description page at http://www.team-cymru.org/Services/Bogons/routeserver.html Seems easy enough to duplicate (of course, the devil is in the details, and
Sorry not just the route-server is necessary, if you want to do something aside from 'drop traffic on the floor'. Take, for instance the DNS Pinning attacks. If you have a large consumer base (or other base dependent up on recursive resolvers) discarding traffic towards the pinned resolvers is going to increase your costs... Prior to accepting the routing change if you setup some infrastructure to sinkhole the traffic and provide proper services out of that sinkhole you'd at least avoid that issue. where in your network can you sink a few gbps of traffic? regionally? locally? centrally? never? always? planning that out is necessary. -chris
Current thread:
- RE: Seattle Peering, (continued)
- RE: Seattle Peering Paul Stewart (Sep 23)
- RE: Seattle Peering Chris Caputo (Sep 23)
- Re: Atrivo/Intercage: Now Only 1 Upstream Christopher Morrow (Sep 17)
- Re: Atrivo/Intercage: Now Only 1 Upstream Steve Gibbard (Sep 17)
- Re: Atrivo/Intercage: Now Only 1 Upstream Andy Davidson (Sep 18)
- Atrivo/Intercage: NO Upstream depeered at 2:25am est James Thomas (Sep 21)
- Re: Atrivo/Intercage: Now Only 1 Upstream Gadi Evron (Sep 17)
- Re: Atrivo/Intercage: Now Only 1 Upstream Christopher Morrow (Sep 17)
- Re: Atrivo/Intercage: Now Only 1 Upstream Suresh Ramasubramanian (Sep 18)
- Re: Atrivo/Intercage: Now Only 1 Upstream Christopher Morrow (Sep 17)