From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RyomG-0005eY-NH for garchives@archives.gentoo.org; Sat, 18 Feb 2012 18:12:56 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1ED02E0FAE; Sat, 18 Feb 2012 18:12:36 +0000 (UTC) Received: from mail-bk0-f53.google.com (mail-bk0-f53.google.com [209.85.214.53]) by pigeon.gentoo.org (Postfix) with ESMTP id 3E322E0E34 for ; Sat, 18 Feb 2012 18:10:51 +0000 (UTC) Received: by bkcit16 with SMTP id it16so4273679bkc.40 for ; Sat, 18 Feb 2012 10:10:51 -0800 (PST) Received-SPF: pass (google.com: domain of mikemol@gmail.com designates 10.205.130.1 as permitted sender) client-ip=10.205.130.1; Authentication-Results: mr.google.com; spf=pass (google.com: domain of mikemol@gmail.com designates 10.205.130.1 as permitted sender) smtp.mail=mikemol@gmail.com; dkim=pass header.i=mikemol@gmail.com Received: from mr.google.com ([10.205.130.1]) by 10.205.130.1 with SMTP id hk1mr7588934bkc.140.1329588651376 (num_hops = 1); Sat, 18 Feb 2012 10:10:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=YAfKnxXeLN8mg8DST8itp6sycMK098cTCNZpA+iWXx0=; b=vNP8WZqf2PnnfK3dUCday8emuAHTvu1GdGY3WysBoL0GGufbaXw14hTw0UxzDVjs1j NbqLfBOpHCuIEFp1aSMZ3qP9gk8qv0AQ7aX61sYWKnkFDqze9UOYQ8UiHd9XBxEb4Qe5 6KtwKPV2DagJC5sf+X/I82R/+CwDFu8ERYq5Q= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.205.130.1 with SMTP id hk1mr6172765bkc.140.1329588650915; Sat, 18 Feb 2012 10:10:50 -0800 (PST) Received: by 10.205.124.129 with HTTP; Sat, 18 Feb 2012 10:10:50 -0800 (PST) Received: by 10.205.124.129 with HTTP; Sat, 18 Feb 2012 10:10:50 -0800 (PST) In-Reply-To: References: <4F3F7CBA.9020600@gmail.com> <20120218124409.43286f16@khamul.example.com> <4F3F92C0.3060506@gmail.com> <1971113.3a2zZ3o5ps@localhost> <4F3F9BFF.9070104@gmail.com> <20120218164058.65c82d3d@khamul.example.com> <4F3FC50B.3010001@gmail.com> Date: Sat, 18 Feb 2012 13:10:50 -0500 Message-ID: Subject: Re: [gentoo-user] Somewhat OT: Any truth to this mess? From: Michael Mol To: gentoo-user@lists.gentoo.org Content-Type: multipart/alternative; boundary=000e0cdfc7863c38b104b940fb74 X-Archives-Salt: 0c2541c2-e7a2-4e0f-a29c-d625b9966a44 X-Archives-Hash: 17c4604706229e3f7c879f2b8c44c2d4 --000e0cdfc7863c38b104b940fb74 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable (Sorry for the top-post...I'm mobile atm.) My understanding is that core network operators filter ASs for which they don't have a contract for transit. I.e, if I were to get my own PI space, I'd have to pay tier 1 networks (or pay someone to ride on *their* contract) for a contract to have packets destined for my AS to be able to reach me across their network. ZZ On Feb 18, 2012 1:04 PM, "Pandu Poluan" wrote: > On Sat, Feb 18, 2012 at 23:18, Michael Mol wrote: > > > > ---- >8 snippage > > > > > And it's not so easy to take the Internet down with injected BGP > > routes any more, either; most network operators apply some sort of > > filtering. > > > > Yes, there *are* filters against injecting BGP from non-trusted sources. > > But if the government somehow controls a Network Service Provider > (NSP, the maintainers of Internet backbones), they can easily poison > the BGP updates. Routers connected to the NSP will happily accept the > poisoned updates since they rely on the NSP to provide "big picture" > traffic management. > > Rgds, > -- > FdS Pandu E Poluan > ~ IT Optimizer ~ > > =E2=80=A2 LOPSA Member #15248 > =E2=80=A2 Blog : http://pepoluan.tumblr.com > =E2=80=A2 Linked-In : http://id.linkedin.com/in/pepoluan > > --000e0cdfc7863c38b104b940fb74 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

(Sorry for the top-post...I'm mobile atm.)

My understanding is that core network operators filter ASs for which the= y don't have a contract for transit. I.e, if I were to get my own PI sp= ace, I'd have to pay tier 1 networks (or pay someone to ride on *their*= contract) for a contract to have packets destined for my AS to be able to = reach me across their network.

ZZ

On Feb 18, 2012 1:04 PM, "Pandu Poluan"= ; <pandu@poluan.info> wrote:=
On Sat, Feb 18, 2012 at 23:18, Michael Mol <mikemol@gmail.com> wrote:
>

---- >8 snippage

>
> And it's not so easy to take the Internet down with injected BGP > routes any more, either; most network operators apply some sort of
> filtering.
>

Yes, there *are* filters against injecting BGP from non-trusted sources.
But if the government somehow controls a Network Service Provider
(NSP, the maintainers of Internet backbones), they can easily poison
the BGP updates. Routers connected to the NSP will happily accept the
poisoned updates since they rely on the NSP to provide "big picture&qu= ot;
traffic management.

Rgds,
--
FdS Pandu E Poluan
~ IT Optimizer ~

=C2=A0=E2=80=A2 LOPSA Member #15248
=C2=A0=E2=80=A2 Blog : http://pepoluan.tumblr.com
=C2=A0=E2=80=A2 Linked-In : http://id.linkedin.com/in/pepoluan

--000e0cdfc7863c38b104b940fb74--