Re: net.terrorism

[William Allen Simpson <wsimpson () greendragon com>]

Sabri Berisha wrote:
> I am concerned. Concerned about people and companies who think they are in
> the position to be net.gods and for political reasons destroy the free
> character of the internet.
I've been involved for over 20 years, and don't remember this "free 
character".  Perhaps there is a language translation problem?  That 
also applies to the use of the word "terrorism"?


> In the history of the internet, people have been trusting each other. 

When?  I remember the RFCs on policy based routing over a decade ago.  
Have you read them?


> In my opinion, announcing a netblock using BGP4 is making a promise to
> carry traffic to a destination within that netblock. If you feel that
> parts of that network are against your ethics or AUP, you should not be
> announcing such a netblock. 

Announcing a netblock doesn't promise that every address in that block 
exists or is reachable.  A network that is blocked for AUP violations
doesn't "exist", and usually returns the ICMP message "Unreachable -- 
Administratively Prohibited" specifically designed for such situations.  
Have you read "Router Requirements"?


> Above.net is blocking a host in UUnet IP space. 
> ...
> > 194.178.232.55/32. --> this tester is part of a /16 belonging to
> > uunet, and sends traffic which is in violation of our AUG.  we
> > complained to uunet without any effect.  if we have blocked access
> > from this /32 to our backbone, we are within our rights.
>
> After this mail, we contacted Above.net again. They basically told us it
> was for our own protection because that traffic from that host does not
> comply to their AUP. We specifically told them we really don't mind them
> blackholing that host but *announcing* a route for it. So far no response.
Where did they announce a "host route"?  I thought you said they 
announce a route to an netblock -- an entire /16?

It seems from the email that they clearly stated that the traffic was 
in violation of the AUP.  We all block specific sites that harm our 
networks.  Otherwise, there would be no capacity left for our 
customers.  It's the "policy" part, for which BGP was designed.  Go 
read the design RFCs.

If you are participating in tests with 194.178.232.55 
(relaytest.orbs.vuurwerk.nl), then you need a private connection to 
that specific site, just as many academic sites test unstable network 
software.  Expensive, but shouldn't be too bad considering that both of 
you are in the Netherlands....

WSimpson () UMich edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32