nanog mailing list archives
Re: Trusted Networks Initiative: DDoS fallback set of AS'es
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Thu, 16 Apr 2015 15:39:46 -0400
On Thu, Apr 16, 2015 at 6:58 AM, David Hofstee <david () mailplus nl> wrote:
Hi, I saw the following and thought it would be interesting to share. In case of a persistent DDoS an ASy can fallback to a small set of (more trustable) AS'es for their routing: http://www.trustednetworksinitiative.nl/ They have a policy with procedural and technical parts, which may be upgraded later, for parties who want to participate: https://www.thehaguesecuritydelta.com/images/20141124_Trusted_Networks_Policy_beta-vs0_7.pdf Without having an opinion if everybody in the world should join this (I don't know the desired scope of this group), but the idea is interesting. I had not seen something like it before.
so...: "The principles of the solutions are simple: each participating network at its sole discretion can step to ‘trusted internet only’ if an emergency situation requires to temporary disconnect from the global internet." you're asking your ISP or set of ISPs to 'stop forwarding me packets from X and Y and Z' sure, why do we need a new special group and designation for that? can't you just no-export your routes to your provider today? (or other similar options). this seems ... shortsighted at best and incredibly dumb at worst.
Current thread:
- Trusted Networks Initiative: DDoS fallback set of AS'es David Hofstee (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Christopher Morrow (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Valdis . Kletnieks (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Job Snijders (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Valdis . Kletnieks (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es joel jaeggli (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Christopher Morrow (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Randy Bush (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Christopher Morrow (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Randy Bush (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Daniel Karrenberg (Apr 22)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Randy Bush (Apr 29)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Valdis . Kletnieks (Apr 16)
- Re: Trusted Networks Initiative: DDoS fallback set of AS'es Christopher Morrow (Apr 16)