Tier1 blackholing policy?
schmid at dfn.de
Wed May 1 09:40:33 UTC 2013
Am 30.04.2013 18:00, schrieb joel jaeggli:
> On 4/30/13 8:23 AM, Thomas Schmid wrote:
>> On 30.04.2013 17:07, Chris Boyd wrote:
>>> On Tue, 2013-04-30 at 10:59 -0400, ML wrote:
>>>> 1) Do nothing - They're supposed deliver any and all bits
>>>> a DoS or similiar situation which impedes said network)
>>>> 2) Prefix filter - Don't be a party (at least in one direction) to the
>>>> bad actors traffic.
>>> 3 - Deliver all packets unless I've signed up for an enhanced security
>> right - I see this really as something that should be decided at the
>> of the internet (Tier2+) and not in the core.
> You seem to have odd ideas about what it means to be a settlement free
> provider. Most of their customers are not smaller internet service
I know what it means to be a customer of
1995 and I have *never* seen one of these guys blackholing
single IPs on their own (and I'm not talking about RTB, botnet
controllers that threaten to kill
the internet etc.). Now since a few weeks we get regular complaints
about this. So something has changed.
The sensitive approach would really be to make this an opt-in service
for their customers
and not a default service without opt-out option. In times of CGN and
hundrets or thousands of
websites behind one IP, blocking addresses is not the right answer to
the phishing problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4589 bytes
Desc: S/MIME Kryptografische Unterschrift
More information about the NANOG