de-peering for security sake

Colin Johnston colinj at
Fri Dec 25 20:10:38 UTC 2015

why do the chinese network folks never reply and action abuse reports, normal slow speed network abuse is tolerated, but not high speed deliberate abuse albeit compromised machines

Sent from my iPhone

> On 25 Dec 2015, at 19:43, Baldur Norddahl <baldur.norddahl at> wrote:
>> On 25 December 2015 at 20:06, Lee <ler762 at> wrote:
>> Enable IPv6 for your users.  1) it's not going to have any "history" &
>> 2) ipv6 probably isn't blocked.
> I am not aware of just one single government site in this country (Denmark)
> that is IPv6 enabled. There are zero danish news sites that are IPv6
> enabled. In fact, nothing here is IPv6 enabled - with the exception of all
> major ISP sites. For some strange reason all ISPs have IPv6 on their
> websites (but they do not provide IPv6 to their customers). It is sad
> really.
>>> So now my users can not access government sites because the IP ranges
>> were
>>> owned by a company in a different country two years ago.
>> Find one of your users that's a citizen of said gov't & forward their
>> complaint to the gov't sites.  Non-citizen complaints are much easier
>> to ignore..
> I am a citizen and yes, they do ignore us. If you can manage to find the
> right guy, he can probably fix it in a few minutes. It is just that there
> is no way to get to that guy. The front desk has no clue what you are
> talking about. To these people we should just stop sending traffic from
> Romania and it would all be fixed, no?
> To make it worse it is a really boring game of whack a mole. The users are
> constantly finding new sites that are either blocking us or are showing the
> site in the wrong language. Each time we open up a new IP series, it all
> starts over again. We do not have enough cash on hand to simply buy a real
> large chunk of IPv4, so we have multiple smaller blocks.
> With regards to this thread, I am finding a worrying trend for websites to
> block out of country IP-addresses at the firewall. In the past you could
> expect that some content would not play or that your credit card payment
> would be blocked. But now you never get to that stage because sites are
> dropping the packets at the firewall.
> Regards,
> Baldur

More information about the NANOG mailing list