nanog mailing list archives
Re: de-peering for security sake
From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Fri, 25 Dec 2015 02:41:14 +0100
I am afraid people are already doing this. Every time I bring a new IP series into production, my users will complain that they are locked out from sites including many government sites. This is because people will load IP location lists into their firewall and drop packets at the border. Of course they will not update said lists and load year old lists into their firewalls. So now my users can not access government sites because the IP ranges were owned by a company in a different country two years ago. Take a guess on how responsive site owners are when we complain about their firewall. Most refuse to acknowledge they do any blocking and insist the problem is at our end. That is if they respond at all. Regards, Baldur On 25 December 2015 at 02:25, Stephen Satchell <list () satchell net> wrote:
On 12/24/2015 04:50 PM, Daniel Corbe wrote:Let’s just cut off the entirety of the third world instead of having a tangible mitigation plan in place.While you thing you are making a snarky response, it would be handy for end users to be able to turn on and off access to other countries retail. If *they* don't need access to certain third world countries, it would be their decision, not the operator's decision. For example, here on my little network we have no need for connectivity to much of Asia, Africa, or India. We do have need to talk to Europe, Australia, and some countries in South America.
Current thread:
- Re: Broadband Router Comparisons, (continued)
- Re: Broadband Router Comparisons Rob Seastrom (Dec 24)
- Re: Broadband Router Comparisons Baldur Norddahl (Dec 24)
- Re: Broadband Router Comparisons Justin Wilson (Dec 24)
- RE: Broadband Router Comparisons Frank Bulk (Dec 24)
- Re: Broadband Router Comparisons Jason Baugher (Dec 24)
- de-peering for security sake Colin Johnston (Dec 24)
- Re: de-peering for security sake Valdis . Kletnieks (Dec 24)
- Re: de-peering for security sake Colin Johnston (Dec 25)
- Re: de-peering for security sake Daniel Corbe (Dec 24)
- Re: de-peering for security sake Stephen Satchell (Dec 24)
- Re: de-peering for security sake Baldur Norddahl (Dec 24)
- Re: de-peering for security sake Lee (Dec 25)
- Re: de-peering for security sake Baldur Norddahl (Dec 25)
- Re: de-peering for security sake Colin Johnston (Dec 25)
- Re: de-peering for security sake Baldur Norddahl (Dec 25)
- Re: de-peering for security sake Colin Johnston (Dec 25)
- Re: de-peering for security sake Owen DeLong (Dec 25)
- Re: de-peering for security sake Mikael Abrahamsson (Dec 25)
- Re: de-peering for security sake Clayton Zekelman (Dec 25)
- Re: de-peering for security sake Hugo Slabbert (Dec 25)
- Re: de-peering for security sake TR Shaw (Dec 25)