de-peering for security sake
ler762 at gmail.com
Fri Dec 25 19:06:33 UTC 2015
On 12/24/15, Baldur Norddahl <baldur.norddahl at gmail.com> wrote:
> I am afraid people are already doing this. Every time I bring a new IP
> series into production, my users will complain that they are locked out
> from sites including many government sites. This is because people will
> load IP location lists into their firewall and drop packets at the border.
> Of course they will not update said lists and load year old lists into
> their firewalls.
Enable IPv6 for your users. 1) it's not going to have any "history" &
2) ipv6 probably isn't blocked.
> So now my users can not access government sites because the IP ranges were
> owned by a company in a different country two years ago.
Find one of your users that's a citizen of said gov't & forward their
complaint to the gov't sites. Non-citizen complaints are much easier
> Take a guess on how responsive site owners are when we complain about their
> firewall. Most refuse to acknowledge they do any blocking and insist the
> problem is at our end. That is if they respond at all.
> On 25 December 2015 at 02:25, Stephen Satchell <list at satchell.net> wrote:
>> On 12/24/2015 04:50 PM, Daniel Corbe wrote:
>>> Let’s just cut off the entirety of the third world instead of having
>>> a tangible mitigation plan in place.
>> While you thing you are making a snarky response, it would be handy for
>> end users to be able to turn on and off access to other countries retail.
>> If *they* don't need access to certain third world countries, it would be
>> their decision, not the operator's decision.
>> For example, here on my little network we have no need for connectivity
>> much of Asia, Africa, or India. We do have need to talk to Europe,
>> Australia, and some countries in South America.
More information about the NANOG