Re: Russian aligned ASNs?

[richey goldberg <richey.goldberg () gmail com>]

They have the skills and the ability to stop it but the people who report the traffic represent 0% of their revenue so 
they could care less.    It’s the same actors every single day.   Microsoft,  Amazon, Google, Phychz Networks, Digital 
Ocean, etc. that spew garbage from their networks.   For a while we would send abuse reports because management felt it 
would do nothing even though we told them it wouldn’t.       Out all of the reports sent I only ever saw one response 
that wasn’t a canned response and it was from Microsoft that basically said “Yea, we know it’s an issue but they pay us 
and you don’t so block it yourself”.

Of course it it’s your customer that’s sending them crap traffic they will go nuclear if you don’t remove the offending 
traffic in .1337 seconds.

-richey


From: Mike Hammett <nanog () ics-il net>
Date: Monday, February 28, 2022 at 10:43 AM
To: richey goldberg <richey.goldberg () gmail com>
Cc: North American Network Operators Group <nanog () nanog org>
Subject: Re: Russian aligned ASNs?
So the providers most likely to have the skills and capabilities to automate abuse mitigation are the least likely to 
do anything about it, even when asked?

</sarcasm>


-----
Mike Hammett
Intelligent Computing Solutions<http://www.ics-il.com/>
[http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/ICSIL>[http://www.ics-il.com/images/googleicon.png]<https://plus.google.com/+IntelligentComputingSolutionsDeKalb>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/intelligent-computing-solutions>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/ICSIL>
Midwest Internet Exchange<http://www.midwest-ix.com/>
[http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/mdwestix>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/midwest-internet-exchange>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/mdwestix>
The Brothers WISP<http://www.thebrotherswisp.com/>
[http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/thebrotherswisp>[http://www.ics-il.com/images/youtubeicon.png]<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
________________________________
From: "richey goldberg" <richey.goldberg () gmail com>
To: "North American Network Operators Group" <nanog () nanog org>
Sent: Thursday, February 24, 2022 9:16:13 PM
Subject: Re: Russian aligned ASNs?
I don’t think that refusing Russian ASNs will do much to stop any kind of attacks.   They are going to attack from 
botnets that are global so that’s not going to stop them.    If anything blocking Russian ASNs will stop the flow of 
information going into Russia.     I think we’re better off doing what we can to take down any machines that are 
participating in attacks if they live on machines that are downstream from you.   One of the biggest issues I face in 
my daily tasks is getting other provers to take down machines.   I’m talking to you Microsoft, Amazon, Digital Ocean 
and the likes…..


-richey

From: NANOG <nanog-bounces+richey.goldberg=gmail.com () nanog org> on behalf of William Allen Simpson 
<william.allen.simpson () gmail com>
Date: Thursday, February 24, 2022 at 7:41 PM
To: North American Network Operators Group <nanog () nanog org>
Subject: Russian aligned ASNs?
There have been reports of DDoS and new targeted malware attacks.

There were questions in the media about cutting off the Internet.

Apparently some Russian government sites have already cut themselves
off, presumably to avoid counterattacks.

Would it improve Internet health to refuse Russian ASN announcements?

What is our community doing to assist Ukraine against these attacks?