de-peering for security sake
bzs at theworld.com
Wed Jan 20 06:06:13 UTC 2016
On January 19, 2016 at 10:12 moc at es.net (Michael O'Connor) wrote:
> Why do we believe network administrators can advocate perfectly for
> customer access?
Which is why I was advocating for some sort of generally agreed upon
standards and process written into contractual agreements.
This doesn't mean that someone has any inherent right to a private
company's (typically) resources, one could block whatever they please,
or nothing.
But when there's some agreement that there's been a consistent breach
of agreed-upon standards of behavior which should be responded to by
the broader community at least there'd be some guidance and process
beyond just urging everyone else to "de-peer" some sites on an
operations mailing list.
The goal would be setting standards for what is reasonable to send
(e.g., not DDoS), not what is received.
> I couldn't control my own children's access without making us all
> miserable.
>
> Nation state access control in a free country at the network layer is bound
> to fail, way too many cats to herd.
>
>
>
> On Mon, Jan 18, 2016 at 2:31 PM, <bzs at theworld.com> wrote:
>
> >
> > On January 18, 2016 at 00:21 Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) wrote:
> > > On Sun, 17 Jan 2016 19:39:52 -0500, bzs at theworld.com said:
> > > > How about if backed by an agreement with the 5 RIRs stating no new
> > > > resource allocations or transfers etc unless a contract is signed and
> > > > enforced? Or similar.
> > >
> > > Then they'd just resort to hijacking address space.
> > >
> > > Oh wait, they already do that and get away with it....
> >
> > I think we're talking about two different problems, both valid.
> >
> > One is legitimate operators who probably mostly want to do the right
> > thing but are negligent, disagree (perhaps with many on this list) on
> > what is an actionable problem, etc.
> >
> > The other are those actors prone to criminality.
> >
> > I was addressing the first problem though I'd assert that progress on
> > the first problem would likely yield progress on the second, or
> > cooperation anyhow.
> >
> > >
> > > (And a threat of withholding IP address space from long-haul providers isn't as
> > > credible - they have much less need for publicly routed IP addresses than
> > > either eyeball farms or content farms, so you'll have to find some other way to
> > > motivate them to not accept a hijacked route announcement...)
> > >
> >
> > No man is an island entire of himself -- John Donne.
> >
> > First one has to agree to the concept of creating a network based on
> > contractual agreements.
> >
> > I gave some examples of how to encourage actors to enter into those
> > contracts, my list wasn't intended to be exhaustive, it was intended
> > to be an existence proof, some pressure points exist and are easy to
> > understand even if not complete.
> >
> > Besides, why make the perfect the enemy of the good? If many, perhaps
> > not all (or not at first), agreed to a common set of contractual
> > obligations that would be progress, no?
> >
> > Is there even a document which describes what a "hijacked" net block
> > is and why it is bad? Obvious? No, it is not obvious. The best one can
> > say is there exist obvious cases.
> >
> > --
> > -Barry Shein
> >
> > Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com
> > Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
> > The World: Since 1989 | A Public Information Utility | *oo*
> >
>
>
>
> --
> Michael O'Connor
> ESnet Network Engineering
> moc at es.net
> 631 344-7410
--
-Barry Shein
Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
The World: Since 1989 | A Public Information Utility | *oo*