nanog mailing list archives

Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours

From: Christopher Morrow <morrowc.lists () gmail com>
Date: Mon, 20 Jul 2015 17:41:24 -0400

On Mon, Jul 20, 2015 at 3:18 PM, Colin Johnston <colinj () gt86car org uk> wrote:

in war you take information at face value and use it if needed to mitigate risk, if there is legit traffic in blocked 
ranges then excemption procedure in place to unblock.


it's not clear how blocking any list of addresse stops the 20-30gbps
of packets from arriving at your doorstep, but if you feel you're
doing the right thing for your network, I can only echo the words of
another: "I encourage my competitors to do this"

colin

Sent from my iPhone

On 20 Jul 2015, at 19:57, Valdis.Kletnieks () vt edu wrote:

On Mon, 20 Jul 2015 19:42:39 +0100, Colin Johnston said:

see below for china ranges I believe, ipv4 and ipv6


You may believe... but are you *sure*?  (Over the years, we've seen
*lots* of "block China" lists that accidentally block chunks allocated
to Taiwan or Australia or other Pacific Rim destinations).

And remember - asking the NIC doesn't help, because there are almost
certainly blocks allocated that the registration points to Korea or
someplace, but the provider routes a sub-block to China.  And let's
not even get started on blocks allocated by ARIN or RIPE....

(Yes, it *was* a trick question :)

Current thread:

Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours, (continued)
- - - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours mikea (Jul 20)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Jared Mauch (Jul 21)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Pavel Odintsov (Jul 21)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Justin M. Streiner (Jul 22)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Stephen Satchell (Jul 23)
    - RE: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Nicholas Warren (Jul 23)
    - RE: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Justin M. Streiner (Jul 23)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Ca By (Jul 23)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Valdis . Kletnieks (Jul 23)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Mike Hammett (Jul 21)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Christopher Morrow (Jul 20)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours ML (Jul 20)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Colin Johnston (Jul 20)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Valdis . Kletnieks (Jul 20)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours James Milko (Jul 20)
- Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Ca By (Jul 20)
  - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours John Weekes (Jul 20)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Ca By (Jul 20)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours John (Jul 20)
  - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Curtis Maurand (Jul 21)
    - Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours Jared Mauch (Jul 21)

(Thread continues...)