nanog mailing list archives

Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours


From: James Milko <jmilko () gmail com>
Date: Mon, 20 Jul 2015 15:45:24 -0400

On Mon, Jul 20, 2015 at 3:40 PM, ML <ml () kenweb org> wrote:

On 7/20/2015 2:57 PM, Valdis.Kletnieks () vt edu wrote:

On Mon, 20 Jul 2015 19:42:39 +0100, Colin Johnston said:

see below for china ranges I believe, ipv4 and ipv6

You may believe... but are you *sure*?  (Over the years, we've seen
*lots* of "block China" lists that accidentally block chunks allocated
to Taiwan or Australia or other Pacific Rim destinations).


If you really wanted to go the route of blocking all/almost all China,
isn't there a short list of ASNs that provide transit to China
citizens/networks?
I'm referring to AS4134, AS4837, etc.
Wouldn't blackholing any prefix with those ASNs in the AS path accomplish
the goal and stay up to date with new prefixes originated from China?


That would prevent you from responding to their traffic (assuming DFZ),
 but their traffic would still have a valid route to your network.

JM
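
An added example, not part of the original thread: a small model of the reply above, showing that rejecting routes whose AS path contains AS4134 or AS4837 only changes your own table, so the remote side still holds a route to you. The prefixes, the other ASNs and the next-hop names are constructed for illustration; the `default` case assumes a network that is not default-free.

```python
import ipaddress

BLOCKED_ASNS = {4134, 4837}  # the two ASNs named in the thread

# Constructed tables: (prefix, AS path, next hop). Prefixes are documentation
# ranges and every other ASN is from the documentation range.
OUR_RIB = [
    ("198.51.100.0/24", [64500, 4134, 64510], "upstream-a"),
    ("192.0.2.0/24", [64501, 64511], "upstream-b"),
]
# What a network behind AS4134 holds: a route to our prefix, 203.0.113.0/24.
REMOTE_RIB = [("203.0.113.0/24", [4134, 64500, 64496], "their-upstream")]


def import_filter(rib, blocked=BLOCKED_ASNS):
    """Reject every received route whose AS path contains a blocked ASN."""
    return [r for r in rib if not blocked.intersection(r[1])]


def lookup(rib, dst, default=None):
    """Longest-prefix match; fall back to a default route if one is given."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, nh)
            for p, _path, nh in rib if addr in ipaddress.ip_network(p)]
    return max(hits)[1] if hits else default


def simulate(default=None):
    """Return (next hop for our reply, next hop for their packet to us)."""
    ours = import_filter(OUR_RIB)          # the filter only edits our table
    reply = lookup(ours, "198.51.100.7", default)
    inbound = lookup(REMOTE_RIB, "203.0.113.10")  # their table is untouched
    return reply, inbound


if __name__ == "__main__":
    print("default-free:", simulate())
    print("with default route:", simulate(default="upstream-a"))
```

In the default-free case the reply has no next hop while the inbound packet still does; with a default route configured, the reply leaves as well.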

