Internet2 Network Security SIG

[gcbrowni <>]

Well, unless we change the scope. 

Let’s do 1918 and other "well known" bad source addresses. We can worry about 
"unassigned space" later.

How's that sound?


> On Jan 7, 2019, at 11:59 AM, Adair Thaxton 
> <>
>  wrote:
> 
> I believe that only RFC1918 space is in scope for now.  Baby steps!
> 
> Adair
> 
> 
> On 1/7/19 11:58 AM, Michael H Lambert wrote:
>> I fully agree with blocking RFC1918 addresses.  There are lots of other 
>> "static" bogon ranges, too, in both modern and legacy IP.  These include 
>> documentation and IANA-reserved addresses.  How aggressive should 
>> Internet2 (or connectors) be in blocking these in addition to RFC1918?
>> 
>> Michael
>> 
>>> On 7 Jan 2019, at 11:43, Brad Fleming 
>>> <>
>>>  wrote:
>>> 
>>> I’m assuming RFC1918 IPs as the source, correct? Regardless of source or 
>>> destination address I’m good with it. We shouldn’t be leaking that junk, 
>>> if we are something is broken, and I don’t expect Internet2 or the 
>>> greater community to deal with our failures. A publicly viewable counter 
>>> on the firewall filter term could be useful; I could make one of our 
>>> junior network team check the I2 counter every month to verify we don’t 
>>> have an internal issue. I’d be fine if that instrumentation wasn’t added 
>>> until later if I2 staff would like to move quickly on deploying filters 
>>> but also want to gather more input from the community on exposing FW 
>>> filter counters in this manner.
>>> --
>>> Brad Fleming
>>> Assistant Director for Technology
>>> Kansas Research and Education Network
>>> 
>>>> On Jan 7, 2019, at 10:13 AM, Adair Thaxton 
>>>> <>
>>>>  wrote:
>>>> 
>>>> I trust everyone had a nice break, and hasn't been driven up the wall by
>>>> bored children yet.  Our three-year-old reached the "why?" stage just in
>>>> time for break, so if you're still sane, I envy you!
>>>> 
>>>> 
>>>> - Internet2 is considering blocking all RFC1918 space at ingress links.
>>>> We do not expect this to affect cloud tunnel traffic, or any legitimate
>>>> traffic.  However, we all know the pitfalls of that last statement,
>>>> especially on our networks!  We plan to start by logging RFC1918 traffic
>>>> only, and then move to blocking it.  We also plan to offer opt-outs for
>>>> customers who need them.  We would welcome your input on this, for our
>>>> benefit as well as for the benefit of other customers.
>>>> 
>>>> 
>>>> - Check your routing tables!
>>>> https://twitter.com/InternetIntel/status/1080466509292621829
>>>> 
>>>> 
>>>> - Hat tip to researchers at the University of Maryland!
>>>> https://www.theregister.co.uk/2019/01/03/recaptcha_voice_challenge/
>>>> 
>>>> 
>>>> - A lot of it, as it turns out.
>>>> http://nymag.com/intelligencer/2018/12/how-much-of-the-internet-is-fake.html
>>>> 
>>>> 
>>>> Happy new year, everybody!
>>>> 
>>>> Adair
>>> 
>>

Attachment: smime.p7s
Description: S/MIME cryptographic signature