North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Atrivo/Intercage: Now Only 1 Upstream

  • From: Christopher Morrow
  • Date: Wed Sep 17 14:48:42 2008

On Wed, Sep 17, 2008 at 1:34 PM, Lamar Owen <lowen@xxxxxxxx> wrote:

> The point made by Christopher Morrow is well taken:
>> There's the additional issue of allowing a third party to
>>manage/traffic-engineer inside your network which might upset some
>>operations folks. If you can build a list on your own in a reasonable
>>fashion with supporting information and high confidence level that's
>>one story, if this list comes from "someone else" whom you don't even
>>have a billing-relationship with... it's hard to sell that when
>>something bad happens.
>>
>>Certainly not everyone feels this way (see 'popularity' of the
>>existing RBL/xbl lists) but in a larger network, or one that makes
>>money ...
>
> Folks who use a DNSBL are already letting people in their network, in the
> e-mail sense at least (and some firewall interfaces to these lists).  Those
> same people would likely not have a problem with a wish-they-were-bogons
> list.

dropping email or port scans to known-vulnerable ports is very
different from dropping all traffic from an ip/asn ... There have been
cases of large content folks (MS comes to mind) being infected with
badness, dropping that for a time is going to hurt more than dropping
email from it only.

> For infrastructure notes, see Team Cymru's description page at
> http://www.team-cymru.org/Services/Bogons/routeserver.html
>
> Seems easy enough to duplicate (of course, the devil is in the details, and

Sorry not just the route-server is necessary, if you want to do
something aside from 'drop traffic on the floor'. Take, for instance
the DNS Pinning attacks. If you have a large consumer base (or other
base dependent up on recursive resolvers) discarding traffic towards
the pinned resolvers is going to increase your costs... Prior to
accepting the routing change if you setup some infrastructure to
sinkhole the traffic and provide proper services out of that sinkhole
you'd at least avoid that issue.

where in your network can you sink a few gbps of traffic? regionally?
locally? centrally? never? always? planning that out is necessary.

-chris