Re: Blackholing APNIC Routes (or a subset of)

[Joe Abley <jabley () isc org>]

On Tuesday, Nov 5, 2002, at 15:22 Canada/Eastern, Eric Germann wrote:

> Anyone want to admit privately (I'll summarize to the list) if they 
> actively
> filter certain partitions of APNIC space?
>
> We did a little experiment the past couple of days and saw at 85% of 
> our
> port 13[5-9] scans, Code Red/Nimda/formmail attempts, etc. go out the 
> door
> by blackholing those networks in .cn and .kr.
>
> Thoughts?  Is it a valid thesis?  I've seen the discussions for spam
> mitigation, etc via DNS, but this is actually null routing all their
> traffic.

Speaking as someone who used to operate networks in New Zealand, please 
take care not to blame the whole region for troublesome traffic 
originating from one or two countries. There is nothing people in NZ 
can do about network abuse in China or Korea.

Subject lines that read "Blackholing APNIC Routes" are best avoided, in 
my opinion, lest they give people ideas. In other news, despite what 
several large network operators might think, 202/7 is not "CHINANET" :)


Joe