How quickly can CN be firewalled anyway?
As quickly as you can write route-map filters
-DAn
About as long as it takes to add an import filter on your router?
i don't know that it will be that easy.
surely, not all of china connects through a single AS.
as well, i suspect that the same hackers would be able to manage a dial-up
into some extra-china ISP.
I just love the way (some) Americans bleat about their
supposed constitutional rights to have their packets
passed between any given pair of networks, but (perhaps
others) are quite happy to route-map out entire
subcontinents on the basis there might be a few
(i.e. statistically insignificant number of)
trouble makers there... Somehow I just can't
imagine someone suggesting AOL / Earthlink
(& I've seen plenty of 'interesting' packets
from there) are blackholed for the same reason
would get away with this on NANOG.
I just love the way (some) Americans bleat about their
supposed constitutional rights to have their packets
passed between any given pair of networks, but (perhaps
others) are quite happy to route-map out entire
subcontinents on the basis there might be a few
(i.e. statistically insignificant number of)
trouble makers there...
AS4134 is totally black hat. 100% rogue and haven for spammers and
crackers.
They have a bogus replybot which gives automated bullshit excuses to abuse
reports.
Somehow I just can't imagine someone suggesting AOL / Earthlink
(& I've seen plenty of 'interesting' packets
from there) are blackholed for the same reason
would get away with this on NANOG.
because aol/earthlink actually bother to respond to abuse reports (albeit
slowly).
AS4134 basically tells you to fuck off and eat your spam and tolerate
their script kiddies.
-Dan
"cant block them all, so might as well block none"?
Why make script kiddies life easier?
-Dan
Personally, I'd *love* to firewall Earthlink and AOL... As well as
/dev/null all their spam and g-line them from the IRC servers of the world
and block all access from/to AIM and friends.
But, alas and alack, that darned responsibility thin...
Matthew Devney
This is preposterous rubbish.
So some fringe group says they are going to do a protest and so you
promote blocking a whole country?
> How quickly can CN be firewalled anyway?
As quickly as you can write route-map filters
-DAn
+------------------- H U R R I C A N E - E L E C T R I C -------------------+
Its been a long time coming actually. "the last straw" you might say.
-Dan
i don't know that it will be that easy.
surely, not all of china connects through a single AS.
87 ASes registered to china from whois records
(might be more by now, that's from old snapshot)
that doesn't include non-.cn ISPs with
customers in china...
it doesn't strike me as impossible to
write a virus (a la lion)
http://www.nipc.gov/warnings/advisories/2001/01-009.htm
that could trigger to spread infection as soon
as it could tell that no chinese-based ASes
were reachable from it
(get the world to protect china with filters,
then release the toxins...)
so `protecting the Internet from china w AS filters'
information warfare policy
makes me a little nervous
maybe we could just really slow down all traffic headed there
oh wait we already do that
k
pfffff I have seen it all now, this event came out like 3 weeks ago and I
have
yet to see any major attacks from China, I think no one wants trouble and
china has enacted some rather strict laws to prevent such activity.
I read a lot of press and china does have some propaganda mills as
does any country.
I believe if we react to this, we are serving obsolete cold war interests
and
will become instruments in harming the US economy. We are in a peace time
economy, where most product designers want to remain. This issue is not
open for debate.
Report incidents to China Telecom for determination and prosecution.
No I am not chinese, I am just an American who would rather promote
good will, rather than obsolete policy.
Lets move away from this, it sux
Dan Hollis wrote:
Oh we try, but they all end up being binned.
I recall someone (maybe from this list) going to mainland china and
talking to several authorities there about their open relays and spamming
and network attacks. They didnt show much interest in stopping it. Though
when "pornography" and "falun gong" were mentioned, they finally started
paying attention.
-Dan
I believe if we react to this, we are serving obsolete cold war interests
and will become instruments in harming the US economy. We are in a peace
time economy, where most product designers want to remain. This issue is
not open for debate.
No I am not chinese, I am just an American who would rather promote
good will, rather than obsolete policy.
Lets move away from this, it sux
yes, YES, and yes. 
scott
On Mon, Apr 30, 2001 at 04:17:27PM -0700, mdevney@teamsphere.com scribbled:
Personally, I'd *love* to firewall Earthlink and AOL... As well as
/dev/null all their spam and g-line them from the IRC servers of the world
and block all access from/to AIM and friends.
And how will you access the AIM and ICQ servers if you block AOL?
Remember who owns the *A*IM and ICQ servers....
UM, I think that he had bundled AIM and ICQ into the "^%*###@!!! waste of
bandwidth" catagory. That is if I read the original message
correctly. Believe it or not, there are a WHOLE bunch of operators who
actually use the fangled device that Alexander Bell patented when we need
to contact someone FAST. (That is when the ^&*(#'s have valid information
out at PUCK or in ARIN or something at least mirrored by RADB.)
If he's going to "block all access from/to AIM and friends", why would
you assume he'd want to access AIM and friends?
Don't count out the utility of AIM so quickly.
If I need to speak to one of three people to get a problem with their
area fixed, I can pop up AIM and see that two are away, and call the right
one instead of wasting time on the other two. (It's not perfect, but then
an unanswered phone isn't proof the person isn't there, either.)
And don't forget this common instant message:
"Get off the phone, we have a problem." With instant feedback as to
delivery, unlike with most pagers.
It's another tool. If you use it wisely it's useful. If you rely upon it
for things it's not built to do, it sucks.