nanog mailing list archives

Blackholing APNIC Routes (or a subset of)

From: "Eric Germann" <ekgermann () cctec com>
Date: Tue, 5 Nov 2002 15:22:36 -0500

Anyone want to admit privately (I'll summarize to the list) if they actively
filter certain partitions of APNIC space?

We did a little experiment the past couple of days and saw at 85% of our
port 13[5-9] scans, Code Red/Nimda/formmail attempts, etc. go out the door
by blackholing those networks in .cn and .kr.

Thoughts?  Is it a valid thesis?  I've seen the discussions for spam
mitigation, etc via DNS, but this is actually null routing all their
traffic.

Eric



==========================================================================
  Eric Germann                                        CCTec
  ekgermann () cctec com                                 Van Wert OH 45801
  http://www.cctec.com                                Ph:  419 968 2640
                                                      Fax: 603 825 5893

"The fact that there are actually ways of knowing and characterizing the
extent of one’s ignorance, while still remaining ignorant, may ultimately be
more interesting and useful to people than Yarkovsky"

  -- Jon Giorgini of NASA’s Jet Propulsion Laboratory

Attachment: Eric Germann.vcf
Description:

Current thread:

Blackholing APNIC Routes (or a subset of) Eric Germann (Nov 05)
- Re: Blackholing APNIC Routes (or a subset of) Joe Abley (Nov 05)
- Re: Blackholing APNIC Routes (or a subset of) batz (Nov 05)
  - Re: Blackholing APNIC Routes (or a subset of) steve uurtamo (Nov 05)
  - Re: Blackholing APNIC Routes (or a subset of) Petri Helenius (Nov 05)