nanog mailing list archives
Re: Tier1 blackholing policy?
From: Jared Mauch <jared () puck nether net>
Date: Tue, 30 Apr 2013 17:20:04 -0400
On Apr 30, 2013, at 2:50 PM, bmanning () vacation karoshi com wrote:
Phone? You mean like Jitsi or Skype? Fax? I'd like to see some numbers to back your assertion of "Typical" restoration times of days.
My vendors deliver software fixes for "BGP" doesn't work in weeks, so I think that the following timeline and process I'm going to outline exceeds their BGP problems.

0 hour - Issue Reported
0-24 hours - triage; send to customer/internal customer to mitigate/remediate
25-48 hours - Customer responds, host taken down if hacked, etc.
48-96 hours+ - If no response, IP null0'ed per AUP as network security risk

48-96 hours is also where the customer freaks out and quickly fixes their problem to come in compliance with AUP.

This is a natural process. Null0 or ACLs don't stay up for days or weeks on end.

That doesn't mean this catches 100% of all cases, but many ISPs get a daily report of phishing sites and malware hosted on their network each morning.

You can get one too!

http://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork

You can get a daily ATLAS report from Arbor as well:

http://atlas.arbor.net/

(Although I can't get anyone to fix a problem with it, so anyone there can email me if you have the power to fix it).

There are other aggregators of data as well, such as SIE. If you don't know the health of your network, take a look. Many folks will email you these reports automatically, or provide you a direct feed (some in realtime, such as SIE).

- Jared