Home page logo
/

nanog logo nanog mailing list archives

Re: Tier1 blackholing policy?
From: William Herrin <bill () herrin us>
Date: Tue, 30 Apr 2013 17:05:13 -0400

On Tue, Apr 30, 2013 at 10:31 AM, Thomas Schmid <schmid () dfn de> wrote:
We received recently customer complaints stating they can't reach certain
websites.
Investigation showed that the sites were not reachable via Tier1-T, but fine
via
Tier1-L. I contacted Tier1-T and the answer was something like "yeah, this
is a known phishing
site and to protect our customers we blackhole that IP" (btw - it was 2 ASes
away from Tier1-T).

Hi Thomas,

On the one hand, companies providing Internet transit are not
generally compelled by law to pass packets for any other given company
on the Internet.

On the other hand, announcing via BGP that you will carry particular
packets and then intentionally dropping them on the floor could easily
be construed as tortious interference.

The middle ground... propagating a BGP announcement but blocking a
small piece within it... I think I'd want to cover my backside by
setting a BGP community on that route which advised my peers that a
portion of it is dead-routed within my network so that they may
discard or deprioritize it if they choose.

Regards,
Bill Herrin

-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault