de-peering for security sake

Michael O'Connor moc at es.net
Tue Jan 19 15:12:31 UTC 2016


Why do we believe network administrators can advocate perfectly for
customer access?
I couldn't control my own children's access without making us all
miserable.

Nation state access control in a free country at the network layer is bound
to fail, way too many cats to herd.



On Mon, Jan 18, 2016 at 2:31 PM, <bzs at theworld.com> wrote:

>
> On January 18, 2016 at 00:21 Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) wrote:
>  > On Sun, 17 Jan 2016 19:39:52 -0500, bzs at theworld.com said:
>  > > How about if backed by an agreement with the 5 RIRs stating no new
>  > > resource allocations or transfers etc unless a contract is signed and
>  > > enforced? Or similar.
>  >
>  > Then they'd just resort to hijacking address space.
>  >
>  > Oh wait, they already do that and get away with it....
>
> I think we're talking about two different problems, both valid.
>
> One is legitimate operators who probably mostly want to do the right
> thing but are negligent, disagree (perhaps with many on this list) on
> what is an actionable problem, etc.
>
> The other are those actors prone to criminality.
>
> I was addressing the first problem though I'd assert that progress on
> the first problem would likely yield progress on the second, or
> cooperation anyhow.
>
>  >
>  > (And a threat of withholding IP address space from long-haul providers isn't as
>  > credible - they have much less need for publicly routed IP addresses than
>  > either eyeball farms or content farms, so you'll have to find some other way to
>  > motivate them to not accept a hijacked route announcement...)
>  >
>
> No man is an island entire of himself -- John Donne.
>
> First one has to agree to the concept of creating a network based on
> contractual agreements.
>
> I gave some examples of how to encourage actors to enter into those
> contracts, my list wasn't intended to be exhaustive, it was intended
> to be an existence proof, some pressure points exist and are easy to
> understand even if not complete.
>
> Besides, why make the perfect the enemy of the good? If many, perhaps
> not all (or not at first), agreed to a common set of contractual
> obligations that would be progress, no?
>
> Is there even a document which describes what a "hijacked" net block
> is and why it is bad? Obvious? No, it is not obvious. The best one can
> say is there exist obvious cases.
>
> --
>         -Barry Shein
>
> Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
> The World: Since 1989  | A Public Information Utility | *oo*
>



-- 
Michael O'Connor
ESnet Network Engineering
moc at es.net
631 344-7410


