Tier1 blackholing policy?

Thomas Schmid schmid at dfn.de
Wed May 1 09:40:33 UTC 2013


Joel,

On 30.04.2013 18:00, joel jaeggli wrote:
> On 4/30/13 8:23 AM, Thomas Schmid wrote:
>> On 30.04.2013 17:07, Chris Boyd wrote:
>>> On Tue, 2013-04-30 at 10:59 -0400, ML wrote:
>>>> 1) Do nothing - They're supposed to deliver any and all bits
>>>> (Disregarding a DoS or similar situation which impedes said network)
>>>> 2) Prefix filter - Don't be a party (at least in one direction) to the
>>>> bad actor's traffic.
>>>
>>> 3 - Deliver all packets unless I've signed up for an enhanced security
>>> offering?
>>>
>>
>> right - I see this really as something that should be decided at the edge
>> of the internet (Tier2+) and not in the core.
> You seem to have odd ideas about what it means to be a settlement free 
> provider. Most of their customers are not smaller internet service 
> providers.

I know what it means to be a customer of
$LargeGlobalISPthatsellsTransittootherISPs since 1995 and I have *never*
seen one of these guys blackholing single IPs on their own (and I'm not
talking about RTB, botnet controllers that threaten to kill the internet
etc.). Now since a few weeks we get regular complaints about this. So
something has changed.

The sensitive approach would really be to make this an opt-in service for
their customers and not a default service without opt-out option. In times
of CGN and hundreds or thousands of websites behind one IP, blocking
addresses is not the right answer to the phishing problem.

    Thomas


