RE: black hat .cn networks
How quickly can CN be firewalled anyway?
-----Original Message----- From: Dan Hollis [mailto:goemon@anime.net] Sent: Monday, April 30, 2001 2:59 PM To: 'nanog@merit.edu' Subject: black hat .cn networks
http://wired.com/news/politics/0,1283,43437,00.html
Time to drop AS4134.
-Dan
On Mon, Apr 30, 2001 at 03:11:25PM -0700, Dan Hollis wrote:
On Mon, 30 Apr 2001, Roeland Meyer wrote:
How quickly can CN be firewalled anyway?
As quickly as you can write route-map filters
i don't know that it will be that easy. surely, not all of china connects through a single AS. as well, i suspect that the same hackers would be able to manage a dial-up into some extra-china ISP. -- [ Jim Mercer jim@pneumonoultramicroscopicsilicovolcanoconiosis.ca ] [ Reptilian Research -- Longer Life through Colder Blood ] [ aka jim@reptiles.org +1 416 410-5633 ]
On Mon, 30 Apr 2001, Jim Mercer wrote:
On Mon, Apr 30, 2001 at 03:11:25PM -0700, Dan Hollis wrote:
On Mon, 30 Apr 2001, Roeland Meyer wrote:
How quickly can CN be firewalled anyway? As quickly as you can write route-map filters i don't know that it will be that easy. surely, not all of china connects through a single AS. as well, i suspect that the same hackers would be able to manage a dial-up into some extra-china ISP.
"cant block them all, so might as well block none"? Why make script kiddies life easier? -Dan
On Mon, Apr 30, 2001 at 06:23:00PM -0400, Jim Mercer wrote: On Mon, Apr 30, 2001 at 03:11:25PM -0700, Dan Hollis wrote:
On Mon, 30 Apr 2001, Roeland Meyer wrote:
How quickly can CN be firewalled anyway?
As quickly as you can write route-map filters
i don't know that it will be that easy. surely, not all of china connects through a single AS. 87 ASes registered to china from whois records (might be more by now, that's from old snapshot) that doesn't include non-.cn ISPs with customers in china... it doesn't strike me as impossible to write a virus (a la lion) http://www.nipc.gov/warnings/advisories/2001/01-009.htm that could trigger to spread infection as soon as it could tell that no chinese-based ASes were reachable from it (get the world to protect china with filters, then release the toxins...) so `protecting the Internet from china w AS filters' information warfare policy makes me a little nervous maybe we could just really slow down all traffic headed there oh wait we already do that k
On Mon, 30 Apr 2001, Roeland Meyer wrote:
How quickly can CN be firewalled anyway?
As quickly as you can write route-map filters
I just love the way (some) Americans bleat about their supposed constitutional rights to have their packets passed between any given pair of networks, but (perhaps others) are quite happy to route-map out entire subcontinents on the basis there might be a few (i.e. statistically insignificant number of) trouble makers there... Somehow I just can't imagine someone suggesting AOL / Earthlink (& I've seen plenty of 'interesting' packets from there) are blackholed for the same reason would get away with this on NANOG. -- Alex Bligh Personal Capacity
On Mon, 30 Apr 2001, Alex Bligh wrote:
I just love the way (some) Americans bleat about their supposed constitutional rights to have their packets passed between any given pair of networks, but (perhaps others) are quite happy to route-map out entire subcontinents on the basis there might be a few (i.e. statistically insignificant number of) trouble makers there...
AS4134 is totally black hat. 100% rogue and haven for spammers and crackers. They have a bogus replybot which gives automated bullshit excuses to abuse reports.
Somehow I just can't imagine someone suggesting AOL / Earthlink (& I've seen plenty of 'interesting' packets from there) are blackholed for the same reason would get away with this on NANOG.
because aol/earthlink actually bother to respond to abuse reports (albeit slowly). AS4134 basically tells you to fuck off and eat your spam and tolerate their script kiddies. -Dan
On Mon, 30 Apr 2001, Alex Bligh wrote:
On Mon, 30 Apr 2001, Roeland Meyer wrote:
How quickly can CN be firewalled anyway?
As quickly as you can write route-map filters
I just love the way (some) Americans bleat about their supposed constitutional rights to have their packets passed between any given pair of networks, but (perhaps others) are quite happy to route-map out entire subcontinents on the basis there might be a few (i.e. statistically insignificant number of) trouble makers there... Somehow I just can't imagine someone suggesting AOL / Earthlink (& I've seen plenty of 'interesting' packets from there) are blackholed for the same reason would get away with this on NANOG.
Personally, I'd *love* to firewall Earthlink and AOL... As well as /dev/null all their spam and g-line them from the IRC servers of the world and block all access from/to AIM and friends. But, alas and alack, that darned responsibility thin... Matthew Devney
On Mon, Apr 30, 2001 at 04:17:27PM -0700, mdevney@teamsphere.com scribbled: | Personally, I'd *love* to firewall Earthlink and AOL... As well as | /dev/null all their spam and g-line them from the IRC servers of the world | and block all access from/to AIM and friends. And how will you access the AIM and ICQ servers if you block AOL? Remember who owns the *A*IM and ICQ servers.... -- +-----------------------------------------------------------+ | keichii@iteration.net | keichii@freebsd.org | | http://iteration.net/~keichii | Yes, BSD is a conspiracy. | +-----------------------------------------------------------+
On Tue, 1 May 2001, Michael C . Wu wrote:
On Mon, Apr 30, 2001 at 04:17:27PM -0700, mdevney@teamsphere.com scribbled: | Personally, I'd *love* to firewall Earthlink and AOL... As well as | /dev/null all their spam and g-line them from the IRC servers of the world | and block all access from/to AIM and friends.
And how will you access the AIM and ICQ servers if you block AOL? Remember who owns the *A*IM and ICQ servers....
-- +-----------------------------------------------------------+ | keichii@iteration.net | keichii@freebsd.org | | http://iteration.net/~keichii | Yes, BSD is a conspiracy. | +-----------------------------------------------------------+
UM, I think that he had bundled AIM and ICQ into the "^%*###@!!! waste of bandwidth" catagory. That is if I read the original message correctly. Believe it or not, there are a WHOLE bunch of operators who actually use the fangled device that Alexander Bell patented when we need to contact someone FAST. (That is when the ^&*(#'s have valid information out at PUCK or in ARIN or something at least mirrored by RADB.) --- John Fraizer EnterZone, Inc
On Wed, May 02, 2001 at 03:18:15AM -0400, John Fraizer wrote:
correctly. Believe it or not, there are a WHOLE bunch of operators who actually use the fangled device that Alexander Bell patented when we need to contact someone FAST. (That is when the ^&*(#'s have valid information out at PUCK or in ARIN or something at least mirrored by RADB.)
Don't count out the utility of AIM so quickly. If I need to speak to one of three people to get a problem with their area fixed, I can pop up AIM and see that two are away, and call the right one instead of wasting time on the other two. (It's not perfect, but then an unanswered phone isn't proof the person isn't there, either.) And don't forget this common instant message: "Get off the phone, we have a problem." With instant feedback as to delivery, unlike with most pagers. It's another tool. If you use it wisely it's useful. If you rely upon it for things it's not built to do, it sucks.
On Tue, May 01, 2001 at 11:24:20PM -0500, Michael C . Wu wrote:
| /dev/null all their spam and g-line them from the IRC servers of the world | and block all access from/to AIM and friends.
And how will you access the AIM and ICQ servers if you block AOL? Remember who owns the *A*IM and ICQ servers....
If he's going to "block all access from/to AIM and friends", why would you assume he'd want to access AIM and friends?
This is preposterous rubbish. So some fringe group says they are going to do a protest and so you promote blocking a whole country? On Mon, 30 Apr 2001, Dan Hollis wrote:
On Mon, 30 Apr 2001, Roeland Meyer wrote:
How quickly can CN be firewalled anyway?
As quickly as you can write route-map filters
-DAn
+------------------- H U R R I C A N E - E L E C T R I C -------------------+ | Mike Leber Direct Internet Connections Voice 510 580 4100 | | Hurricane Electric Web Hosting Colocation Fax 510 580 4151 | | mleber@he.net http://www.he.net | +---------------------------------------------------------------------------+
On Mon, 30 Apr 2001, Mike Leber wrote:
This is preposterous rubbish. So some fringe group says they are going to do a protest and so you promote blocking a whole country?
Its been a long time coming actually. "the last straw" you might say. -Dan
pfffff I have seen it all now, this event came out like 3 weeks ago and I have yet to see any major attacks from China, I think no one wants trouble and china has enacted some rather strict laws to prevent such activity. I read a lot of press and china does have some propaganda mills as does any country. I believe if we react to this, we are serving obsolete cold war interests and will become instruments in harming the US economy. We are in a peace time economy, where most product designers want to remain. This issue is not open for debate. Report incidents to China Telecom for determination and prosecution. No I am not chinese, I am just an American who would rather promote good will, rather than obsolete policy. Lets move away from this, it sux Dan Hollis wrote:
On Mon, 30 Apr 2001, Mike Leber wrote:
This is preposterous rubbish. So some fringe group says they are going to do a protest and so you promote blocking a whole country?
Its been a long time coming actually. "the last straw" you might say.
-Dan
-- Thank you; |---------------------------------| | Thinking is a learned process. | | ICANN member @large | | Gigabit over IP, ieee 802.17 | | working group | | Resilient Packet Transport | | http://www.luminousnetworks.com | |---------------------------------| Henry R. Linneweh
On Mon, 30 Apr 2001, Henry R. Linneweh wrote:
Report incidents to China Telecom for determination and prosecution.
Oh we try, but they all end up being binned. I recall someone (maybe from this list) going to mainland china and talking to several authorities there about their open relays and spamming and network attacks. They didnt show much interest in stopping it. Though when "pornography" and "falun gong" were mentioned, they finally started paying attention. -Dan
I believe if we react to this, we are serving obsolete cold war interests and will become instruments in harming the US economy. We are in a peace time economy, where most product designers want to remain. This issue is not open for debate.
No I am not chinese, I am just an American who would rather promote good will, rather than obsolete policy.
Lets move away from this, it sux
yes, YES, and yes. :-) scott
About as long as it takes to add an import filter on your router? On Mon, 30 Apr 2001, Roeland Meyer wrote:
How quickly can CN be firewalled anyway?
-----Original Message----- From: Dan Hollis [mailto:goemon@anime.net] Sent: Monday, April 30, 2001 2:59 PM To: 'nanog@merit.edu' Subject: black hat .cn networks
http://wired.com/news/politics/0,1283,43437,00.html
Time to drop AS4134.
-Dan
participants (13)
-
Aaron Dewell
-
Alex Bligh
-
Dan Hollis
-
Henry R. Linneweh
-
Jim Mercer
-
John Fraizer
-
k claffy
-
mdevney@teamsphere.com
-
Michael C . Wu
-
Mike Leber
-
Roeland Meyer
-
scott w
-
Shawn McMahon