On Mon, Jul 20, 2015 at 3:18 PM, Colin Johnston <colinj@gt86car.org.uk> wrote:
in war you take information at face value and use it if needed to mitigate risk, if there is legit traffic in blocked ranges then excemption procedure in place to unblock.
it's not clear how blocking any list of addresse stops the 20-30gbps of packets from arriving at your doorstep, but if you feel you're doing the right thing for your network, I can only echo the words of another: "I encourage my competitors to do this"
colin
Sent from my iPhone
On 20 Jul 2015, at 19:57, Valdis.Kletnieks@vt.edu wrote:
On Mon, 20 Jul 2015 19:42:39 +0100, Colin Johnston said:
see below for china ranges I believe, ipv4 and ipv6
You may believe... but are you *sure*? (Over the years, we've seen *lots* of "block China" lists that accidentally block chunks allocated to Taiwan or Australia or other Pacific Rim destinations).
And remember - asking the NIC doesn't help, because there are almost certainly blocks allocated that the registration points to Korea or someplace, but the provider routes a sub-block to China. And let's not even get started on blocks allocated by ARIN or RIPE....
(Yes, it *was* a trick question :)