BGP hijack from 23724 -> 4134 China?

Daniel Karrenberg daniel.karrenberg at ripe.net
Fri Apr 9 06:22:37 UTC 2010


On 08.04 14:36, Brielle Bruns wrote:
> 
> I'm starting to wonder if someone is 'testing the waters' in China to 
> see what they can get away with. I hate to be like this, but there's a 
> reason why I have all of China filtered on my routers.

Beware of prejudice influencing observations and their interpretation.

> ....

> Amazing how much SSH hammering, spam, and other nastiness went away 
> within minutes of the filtering going in place.

Objectively for my networks the vast majority of the SSH hammering, spam
and other nastiness would go away if I filtered out the prefixes allocated 
by ARIN. I do not do that because I want to talk to hosts at these addresses.
Sometimes I even want to talk to hosts that originate the nastiness. I certainly
do not want my upstreams to start preventing me from doing that.

**** Selectively preventing packet flow is *not* a security measure.

**** Selectively preventing packet flow leads to unexpected and hard to diagnose breakage.

**** Many independent actors selectively preventing packet flow will eventually
     partition the Internet sufficiently to break it beyond recognition.

Preventing packet flow may be necessary to mitigate DoS and to do local 
security; I have pulled out the network cable before too. However doing it at
many different places in the network according to local policies leads to
bad breakage.


Daniel



