nanog mailing list archives
Re: de-peering for security sake
From: Owen DeLong <owen () delong com>
Date: Sat, 26 Dec 2015 12:28:07 -0800
I think as granular as practicable. In some cases, that will be a /32 or /128. In some cases, that will be a /24 or /64. In some cases, it may be an entire ASN. Each network will need to decide for themselves based on the constraints of the time they have to address the issue, the level of automation for addressing these things, memory in their routing platform(s), etc. There is no one-size-fits all answer. Owen
On Dec 26, 2015, at 06:19 , Mike Hammett <nanog () ics-il net> wrote: How much is an acceptable standard to the community? Individual /32s ( or /64s)? Some tipping point where 50% of a /24 (or whatever it's IPv6 equivalent would be) has made your naughty list that you block the whole prefix? ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com ----- Original Message ----- From: "Owen DeLong" <owen () delong com> To: "Dan Hollis" <goemon () anime net> Cc: "Mike Hammett" <nanog () ics-il net>, "NANOG" <nanog () nanog org> Sent: Saturday, December 26, 2015 1:00:35 AM Subject: Re: de-peering for security sakeOn Dec 25, 2015, at 22:16 , Dan Hollis <goemon () anime net> wrote: On Fri, 25 Dec 2015, Owen DeLong wrote:Merely because people are asleep at the switch does not give those of us in a position to understand the consequences license to abuse our position.At what point do you cut the wire? How abusive is acceptable?IMHO, you never cut the wire. You may filter selectively, but cutting the wire comes with far more collateral damage than actual useful effect. Owen
Current thread:
- Re: de-peering for security sake, (continued)
- Re: de-peering for security sake Owen DeLong (Dec 27)
- Re: de-peering for security sake Baldur Norddahl (Dec 27)
- Re: de-peering for security sake Owen DeLong (Dec 27)
- Re: de-peering for security sake Mike Hale (Dec 27)
- Re: de-peering for security sake Matthew Petach (Dec 26)
- Re: de-peering for security sake Damian Menscher via NANOG (Dec 26)
- Re: de-peering for security sake Valdis . Kletnieks (Dec 26)
- Re: de-peering for security sake James Downs (Dec 27)
- Re: de-peering for security sake Jared Mauch (Dec 26)
- Re: de-peering for security sake Mike Hammett (Dec 26)
- Re: de-peering for security sake Owen DeLong (Dec 26)
- Re: de-peering for security sake Mark Tinka (Dec 25)
- Re: de-peering for security sake Joel Jaeggli (Dec 24)
- Re: de-peering for security sake Max Tulyev (Dec 25)
- RE: Broadband Router Comparisons Keith Medcalf (Dec 24)
- Re: Broadband Router Comparisons Mikael Abrahamsson (Dec 26)
- Re: Broadband Router Comparisons Valdis . Kletnieks (Dec 27)
- Re: Broadband Router Comparisons Mikael Abrahamsson (Dec 27)
- Re: Broadband Router Comparisons Larry Sheldon (Dec 27)