Re: Can someone from Amazon please answer.

2016-09-14 Thread Mark Andrews
In message <20160823233710.8dc3a5206...@rock.dv.isc.org>, Mark Andrews writes: > > I'm curious. What are you trying to achieve by blocking EDNS version > negotiation? Is it really too hard to return BADVERS to an EDNS > query with version != 0 along with the version of EDNS you support > in the

PCH peering survey 2016

2016-09-14 Thread Bill Woodcock
Background: Five years ago PCH conducted the first, and to date only, comprehensive survey characterizing Internet peering agreements. The document that resulted can be found here: https://www.pch.net/resources/Papers/peering-survey/PCH-Peering-Survey-2011.pdf

Re: "Defensive" BGP hijacking?

2016-09-14 Thread Rich Kulawiec
On Wed, Sep 14, 2016 at 04:04:43PM -0400, Bryan Fields wrote: > I'm a bit ambivalent about BGP hijacking as a DDOS mitigation strategy. > Really there is no authority to say it's wrong. If your peers are cool with > it, and their peers are cool with it who's to say it's wrong? Meeting abuse with

Re: "Defensive" BGP hijacking?

2016-09-14 Thread Mel Beckman
Doug, I was basing my comments on your statement "If only there were a global system.." However you slice or dice it, the tyranny implications have not yet been addressed. That certainly needs to be in front of any technical idea such as RPKI. Although I haven't participated in the OT,

Re: "Defensive" BGP hijacking?

2016-09-14 Thread Sandra Murphy
> On Sep 13, 2016, at 8:08 PM, Ca By wrote: > > On Tuesday, September 13, 2016, Doug Montgomery > wrote: > >> If only there were a global system, with consistent and verifiable security >> properties, to permit address holders to declare the set of

Re: "Defensive" BGP hijacking?

2016-09-14 Thread Scott Weeks
--- br...@bryanfields.net wrote: From: Bryan Fields I'm a bit ambivalent about BGP hijacking as a DDOS mitigation strategy. Really there is no authority to say it's wrong. If your peers are cool with it, and their peers are cool with it who's to say it's wrong?

Re: "Defensive" BGP hijacking?

2016-09-14 Thread Scott Weeks
--- jfmezei_na...@vaxination.ca wrote: From: Jean-Francois Mezei I got to think about this (dangerous thing :-( Ideally, law enforcement should have the smarts and tools to get involved in DDoS and other similar situations and have the power to compel upstream

Re: "Defensive" BGP hijacking?

2016-09-14 Thread Christopher Morrow
On Wed, Sep 14, 2016 at 4:04 PM, Bryan Fields wrote: > On 9/14/16 3:09 AM, Scott Weeks wrote: > > > > Yes, RPKI. That's what I was waiting for. Now we can get to > > a real discussion > > Problem is, RPKI does not work for people with legacy blocks who will not > sign >

Re: "Defensive" BGP hijacking?

2016-09-14 Thread Bryan Fields
On 9/14/16 3:09 AM, Scott Weeks wrote: > > Yes, RPKI. That's what I was waiting for. Now we can get to > a real discussion Problem is, RPKI does not work for people with legacy blocks who will not sign a Legacy RSA. ARIN doesn't own or have any say on how we use it, and we're sure as heck not

Re: "Defensive" BGP hijacking?

2016-09-14 Thread Jean-Francois Mezei
I got to think about this (dangerous thing :-( Ideally, law enforcement should have the smarts and tools to get involved in DDoS and other similar situations and have the power to compel upstream provider(s) to shut service to a suspect. The current situation appears to be more of a wild-west

Re: "Defensive" BGP hijacking?

2016-09-14 Thread Mel Beckman
Scott and Doug, The problem with a new automated enforcement system is that it hobbles both agility and innovation. ISPs have enjoyed simple BGP management, entirely self-regulated, for decades. A global enforcement system, besides being dang hard to do correctly, brings the specter of

Re: "Defensive" BGP hijacking?

2016-09-14 Thread Scott Weeks
--- dougm.w...@gmail.com wrote: From: Doug Montgomery If only there were a global system, with consistent and verifiable security properties, to permit address holders to declare the set of AS's authorized to announce their prefixes, and routers anywhere on the Internet