Russian aligned ASNs?

There have been reports of DDoS and new targeted malware attacks.

There were questions in the media about cutting off the Internet.

Apparently some Russian government sites have already cut themselves
off, presumably to avoid counterattacks.

Would it improve Internet health to refuse Russian ASN announcements?

What is our community doing to assist Ukraine against these attacks?

If we're smart, waiting to see what our respective governments ask of
us so that we don't get in their way.

Bill Herrin

I would suggest keeping the free flow of outside information to Russia would be the best thing we can do.

There are reports of bgp hijacks and ddos targeted at Ukrainian asns watch for and mitigate those?


Keeping the free flow of information going seems to be the best way
to counter a history of isolationist tendencies by authoritarian
governments and represssive regimes. Countries that have dabbled
with the idea of firewalls, content filters, alternative DNS or even
network, etc., are given encouragement if you cut them off.

It may be best to focus on things that are less IP-centric and more
of a problem-solving variety. Running a good Tor node, by any chance?

... JG

I also imagine (without data) that most DoS attacks continue to be
performed by botnets, using other people's connections, rather than
directly by their ultimate perpetrators. So, the most effective and
meaningful mitigation would be trying to clean up bots, and prevent
ongoing bot infections, rather than cutting off suspected or actual

I realize that's much easier said than done!

It is, and it isn't. There was a time when we mostly all had staffed
abuse desks and took action on complaints. Some of us still do. If
we took the security of the Internet seriously, we could at least make
a reasonable effort to develop ways to cope with the growing problems
that are only exacerbated by stuff like the explosive growth of IoT,
and the resulting IoT malware. But this has to include service
providers giving a damn about what they let their customers spew out
onto the network, and it's been many years since it became clear that
profit margin won out over being a decent netizen.

... JG

I don’t think that refusing Russian ASNs will do much to stop any kind of attacks. They are going to attack from botnets that are global so that’s not going to stop them. If anything blocking Russian ASNs will stop the flow of information going into Russia. I think we’re better off doing what we can to take down any machines that are participating in attacks if they live on machines that are downstream from you. One of the biggest issues I face in my daily tasks is getting other provers to take down machines. I’m talking to you Microsoft, Amazon, Digital Ocean and the likes……



Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
6x7 Networks & 6x7 Telecom, LLC
"The only fully end-to-end encrypted global telecommunications company in the world.”

FCC License KJ6FJJ

There were questions in the media about cutting off the Internet.

One brief update not from the media. My Russian friend just called her Russian friend in Russia who just finished talking to a friend in Ukraine that said the cell phones and internet are up.


My friend just got a phone call. Electricity, cell phones and internet are all functional at this time.


My friend just got a phone call. Electricity, cell phones and

Haha, we are like the underground cables we service. No one (apart from other engineers) notices or cares how much effort it takes to keep the packets flowing until it stops.

Better just apply EU sanctions to RIPE NCC. Wait for some time. And see all Russians are NATed to several Chinese IPs :wink: No ASN, no BGP, no hijacks, no DDoSes...

25.02.22 02:40, William Allen Simpson пише:

I have always viewed our job has always been to keep the network
running, no matter what.

I just re-read this.

The four LTE (3GPP rev-whatever) based networks in Afghanistan are all still operational. Roshan, AWCC, MTN, Etisalat.

In .AF the line between ISP and MNO is very blurry since 98% of internet using customers do not have fixed line service at home or office and use a mobile network instead.

These have developed a great deal of institutional knowledge operating in very difficult conditions. The major change now is that the Taliban is no longer burning tower site cabinets/shelters.

Obligatory xkcd - xkcd: Devotion to Duty

Would it improve Internet health to refuse Russian ASN announcements?

This should never be a proposed solution.

One could say this about any service that its patrons aren't professionally attached to.