Homeland Security Alert System

David, what does "from" mean in your "rules"?

with .cc at the end? But there are very many
places with addresses in TLDs and ccTLDs other
than the geographical location.

passing through an AS known to be in a given



I didn't say that I did that, only that I know that
there are networks which deny all mail traffic from
certain ASes and/or TLDs on a fairly regular basis.
Personally I don't have a problem with .cc

I would say that for a US operator to respond to a
threat by enabling additional, temporary
logging/monitoring of specific ports would not be
unreasonable. Denying all traffic is a bit harsh,
especially from a paying customer, but I could
understand watching them really closely. Public
peers, on the other hand, might get a different sort
of treatment entirely...

The only reason this makes any sense at all is that
most networks are basically OK most of the time, so
the rest of your network can probably spare a little
bit of attention for a short period of time. If it
were forever, then that solution wouldn't work.

-David Barak
fully RFC 1925 compliant