nanog mailing list archives
Re: BGP hijack from 23724 -> 4134 China?
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Fri, 9 Apr 2010 11:58:02 +0530
It depends. Preventing packet flow from a rather more carefully selected list of prefixes may actually make sense. These for example - www.spamhaus.org/drop/ Filtering prefixes that your customers may actually exchange valid email / traffic with, and that are not 100% bad is not the best way to go. Block specific prefixes from China, the USA, Eastern Europe, wherever - that are a specific threat to your network .. great. Even better if you are able to manage that blocking and avoid turning your router ACLs into a sort of Hotel California for prefixes. On Fri, Apr 9, 2010 at 11:52 AM, Daniel Karrenberg <daniel.karrenberg () ripe net> wrote:
**** Selectively preventing packet flow is *not* a security measure. **** Selectively preventing packet flow leads to unexpected and hard to diagnose breakage. **** Many independent actors selectively preventing packet flow will eventually partition the Internet sufficiently to break it beyond recognition.
-- Suresh Ramasubramanian (ops.lists () gmail com)
Current thread:
- Re: BGP hijack from 23724 -> 4134 China?, (continued)
- Re: BGP hijack from 23724 -> 4134 China? Jeroen van Aart (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Benjamin Billon (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Jim Burwell (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Patrick Giagnocavo (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Jeroen van Aart (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Rich Kulawiec (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Jeroen van Aart (Apr 09)
- RE: BGP hijack from 23724 -> 4134 China? Warren Bailey (Apr 09)
- RE: BGP hijack from 23724 -> 4134 China? Jim Templin (Apr 09)
- Re: BGP hijack from 23724 -> 4134 China? Suresh Ramasubramanian (Apr 08)