At 22:58 09/10/2014 +0200, Christian Seitz wrote:
Allowing ASN to blackhole a prefix based on AS sets is dangerous from my point
of view. In the RIPE database you can add any AS to your AS set without
verification. Ok, it doesn't make much difference because most IP transit
providers also filter
e DoS
weapon system. I admit that I don't know enough about how it works to make
that decision yet.
Steven Naslund
Chicago IL
>Subject: Re: Unwanted Traffic Removal Service (UTRS)
>On Thu, 09 Oct 2014 22:58:05 +0200
>Christian Seitz wrote:
>> What I do not like at this U
On Thu, 09 Oct 2014 22:58:05 +0200
Christian Seitz wrote:
> What I do not like at this UTRS idea is that I cannot announce a
> prefix via BGP. Somebody has to inject it for me. I would like to
> announce it in real time and not with delay because of manual
> approval.
While true today, it might
Hi Christian,
On Thu, Oct 09, 2014 at 10:58:05PM +0200, Christian Seitz wrote:
>
>
> Why is there no validation required when this is done by an IXP? "All
> peers are my customers and I do trust them"? What about private
> peerings via PNIs?
Validation is not required because the requester can
On Wed, Oct 8, 2014 at 9:59 AM, John Kristoff wrote:
> If you think this is a terrible idea and want to express all that is
> wrong with it, tell me that too, I can take it.
Hi John,
It's a good idea, I think, but it has a problem: it's an escalation in
an arms race that doesn't end well for the
On Wed, Oct 08, 2014 at 04:42:38PM +0200, Job Snijders wrote:
>
> There are various flavors at the moment in terms of validation (please
> correct me if I am wrong): The Polish blackholing project only allows
> blackholes which fall within the set of prefixes which an ASN
> originates, the DE-CIX
On Wed, Oct 08, 2014 at 04:02:21PM -, John Levine wrote:
> >information. But... (aside from any local safety net filter), it's quite
> >a leap to allow a single entity to inject blackholes for any prefix.
>
> Spamhaus has been distributing their DROP list by BGP for years. The
> world hasn't
>information. But... (aside from any local safety net filter), it's quite
>a leap to allow a single entity to inject blackholes for any prefix.
Spamhaus has been distributing their DROP list by BGP for years. The
world hasn't ended, and I can't recall the last time it had a
plausible false positi
On Wed, Oct 8, 2014 at 10:42 AM, Job Snijders wrote:
> Just like chicory, personally I don't like it. Yes, Cymru has build a
> reputation as clearing house for redistribution of security related
> information. But... (aside from any local safety net filter), it's quite
> a leap to allow a single e
On Wed, 8 Oct 2014 16:42:38 +0200
Job Snijders wrote:
> Just like chicory, personally I don't like it. Yes, Cymru has build a
> reputation as clearing house for redistribution of security related
> information. But... (aside from any local safety net filter), it's
> quite a leap to allow a single
Dear John,
On Wed, Oct 08, 2014 at 08:59:00AM -0500, John Kristoff wrote:
> UTRS is essentially a community RTBH that people have suggested to us
> would be a good service to provide, so we're giving it a go.
FYI, there are various projects which are similar to this concept:
http://www.de-ci
Friends and colleagues,
Yesterday I briefly discussed a new project we've recently launched and
for which invited participation from the NANOG 62 attendees. This is a
not so subtle wider request for consideration. UTRS is essentially a
community RTBH that people have suggested to us would be a g
12 matches
Mail list logo
