Re: de-peering for security sake

[bzs () theworld com]

On January 19, 2016 at 10:12 moc () es net (Michael O'Connor) wrote:
> Why do we believe network administrators can advocate perfectly for
> customer access?

Which is why I was advocating for some sort of generally agreed upon
standards and process written into contractual agreements.

This doesn't mean that someone has any inherent right to a private
company's (typically) resources, one could block whatever they please,
or nothing.

But when there's some agreement that there's been a consistent breech
of agreed-upon standards of behavior which should be responded to by
the broader community at least there'd be some guidance and process
beyond just urging everyone else to "de-peer" some sites on an
operations mailing list.

The goal would be setting standards for what is reasonable to send
(e.g., not DDoS), not what is received.

> I couldn't control my own children's access without making us all
> miserable.
>
> Nation state access control in a free country at the network layer is bound
> to fail, way too many cats to herd.
>
>
>
> On Mon, Jan 18, 2016 at 2:31 PM, <bzs () theworld com> wrote:
>
> > On January 18, 2016 at 00:21 Valdis.Kletnieks () vt edu (
> > Valdis.Kletnieks () vt edu) wrote:
> >  > On Sun, 17 Jan 2016 19:39:52 -0500, bzs () theworld com said:
> >  > > How about if backed by an agreement with the 5 RIRs stating no new
> >  > > resource allocations or transfers etc unless a contract is signed and
> >  > > enforced? Or similar.
> >  >
> >  > Then they'd just resort to hijacking address space.
> >  >
> >  > Oh wait, they already do that and get away with it....
> >
> > I think we're talking about two different problems, both valid.
> >
> > One is legitimate operators who probably mostly want to do the right
> > thing but are negligent, disagree (perhaps with many one this list) on
> > what is an actionable problem, etc.
> >
> > The other are those actors prone to criminality.
> >
> > I was addressing the first problem though I'd assert that progress on
> > the first problem would likely yield progress on the second, or
> > cooperation anyhow.
> >
> >  >
> >  > (And a threat of withholding IP address space from long-haul providers
> > isn't as
> >  > credible - they have much less need for publicly routed IP addresses
> > than
> >  > either eyeball farms or content farms, so you'll have to find some
> > other way to
> >  > motivate them to not accept a hijacked route announcement...)
> >  >
> >
> > No man is an island entire of himself -- John Donne.
> >
> > First one has to agree to the concept of creating a network based on
> > contractual agreements.
> >
> > I gave some examples of how to encourage actors to enter into those
> > contracts, my list wasn't intended to be exhaustive, it was intended
> > to be an existence proof, some pressure points exist and are easy to
> > understand even if not complete.
> >
> > Besides, why make the perfect the enemy of the good? If many, perhaps
> > not all (or not at first), agreed to a common set of contractual
> > obligations that would be progress, no?
> >
> > Is there even a document which describes what a "hijacked" net block
> > is and why it is bad? Obvious? No, it is not obvious. The best one can
> > say is there exist obvious cases.
> >
> > --
> >         -Barry Shein
> >
> > Software Tool & Die    | bzs () TheWorld com             |
> > http://www.TheWorld.com
> > Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
> > The World: Since 1989  | A Public Information Utility | *oo*
>
>
>
> -- 
> Michael O'Connor
> ESnet Network Engineering
> moc () es net
> 631 344-7410

-- 
        -Barry Shein

Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*