On Tuesday, Nov 5, 2002, at 15:22 Canada/Eastern, Eric Germann wrote:
Anyone want to admit privately (I'll summarize to the list) if they actively filter certain partitions of APNIC space?
We did a little experiment the past couple of days and saw at 85% of our port 13[5-9] scans, Code Red/Nimda/formmail attempts, etc. go out the door by blackholing those networks in .cn and .kr.
Thoughts? Is it a valid thesis? I've seen the discussions for spam mitigation, etc via DNS, but this is actually null routing all their traffic.
Speaking as someone who used to operate networks in New Zealand, please take care not to blame the whole region for troublesome traffic originating from one or two countries. There is nothing people in NZ can do about network abuse in China or Korea. Subject lines that read "Blackholing APNIC Routes" are best avoided, in my opinion, lest they give people ideas. In other news, despite what several large network operators might think, 202/7 is not "CHINANET" :) Joe