North American Network Operators Group

Re: net.terrorism
On Tue, 9 Jan 2001, William Allen Simpson wrote:

> Sabri Berisha wrote:
> > I am concerned. Concerned about people and companies who think they are in
> > the position to be net.gods and for political reasons destroy the free
> > character of the internet.
>
> I've been involved for over 20 years, and don't remember this "free
> character". Perhaps there is a language translation problem? That
> also applies to the use of the word "terrorism"?

"Free" as in everybody decides their own policies. "Terrorism" as in forcing your policies on someone else's network.

> > In the history of the internet, people have been trusting each other.
> >
> When? I remember the RFCs on policy based routing over a decade ago.
> Have you read them?

No. But if it makes you feel better, I will.

> > In my opinion, announcing a netblock using BGP4 is making a promise to
> > carry traffic to a destination within that netblock. If you feel that
> > parts of that network are against your ethics or AUP, you should not be
> > announcing such a netblock.
> >
> Announcing a netblock doesn't promise that every address in that block
> exists or is reachable. A network that is blocked for AUP violations
> doesn't "exist", and usually returns the ICMP message "Unreachable --
> Administratively Prohibited" specifically designed for such situations.
> Have you read "Router Requirements"?

Why do you want me to have read everything you have read? My point is not policy based routing or which ICMP message I get. My point is not to announce something you won't route.

> > Above.net is blocking a host in UUnet IP space.
> >...
> > > 194.178.232.55/32. --> this tester is part of a /16 belonging to
> > > uunet, and sends traffic which is in violation of our AUG. we
> > > complained to uunet without any effect. if we have blocked access
> > > from this /32 to our backbone, we are within our rights.
> >
> > After this mail, we contacted Above.net again. They basically told us it
> > was for our own protection because that traffic from that host does not
> > comply to their AUP. We specifically told them we really don't mind them
> > blackholing that host but *announcing* a route for it. So far no response.
> >
> Where did they announce a "host route"? I thought you said they
> announce a route to a netblock -- an entire /16?

Yes, they announced a /16.

> It seems from the email that they clearly stated that the traffic was
> in violation of the AUP. We all block specific sites that harm our
> networks. Otherwise, there would be no capacity left for our
> customers. It's the "policy" part, for which BGP was designed. Go
> read the design RFCs.

Read read read... I'm pretty familiar with BGP.

> If you are participating in tests with 194.178.232.55
> (relaytest.orbs.vuurwerk.nl), then you need a private connection to
> that specific site, just as many academic sites test unstable network
> software. Expensive, but shouldn't be too bad considering that both of
> you are in the Netherlands....

If I want to make sure my traffic gets to that host, I can set up a static route to our second uplink. But it's not *me* who should be filtering. How do I know which other hosts are being announced and blackholed?

--
/* Sabri Berisha, non-interesting network dude.
 *
 * CCNA, BOFH, Systems admin Linux/FreeBSD
 */