
nanog mailing list archives

[no subject]

router#sh ip bgp 138.252.0.1
BGP routing table entry for 138.252.0.0/21, version 10503636
Paths: (2 available, best #1, not advertised outside local AS)
  16631 174 209 29809
    216.151.223.17 (metric 65) from 216.151.223.17
      Origin IGP, metric 1000000, localpref 100, weight 500, valid, internal, best
      Community: 16631:1000 local-AS
  6347 701 209 29809
    209.144.160.89 from 209.144.160.89 (209.83.159.23)
      Origin IGP, localpref 100, weight 10, valid, external
      Community: 6347:1023 6347:5000 6347:5001 local-AS

I'm pretty sure Qwest is doing something wrong by allowing such open
BGP announcements from their customers without checking what they would be
announcing. Instead of putting filters as "allow all" and then adding
filtering only for 138.252.0.0/16 when they were contacted, they
should have filtered all announcements except for the specific ones the customer
asked for and was authorized for. And I do hope there is somebody from Qwest here
who can deal with this issue and educate whoever is responsible for their
BGP router in Burbank on proper filtering.

Also, as for this particular case, I'll strongly advise to just filter
AS29809 entirely. I have serious doubts about whoever controls this ASN
and have done the research on it (see above referenced file), and it
appears the addresses at ARIN are all wrong (I have some doubts about
Trimeda being located on the grounds of the Mormon Temple, for example...)
and have been recently changed from a completely different set of addresses.
Besides, it would have been enough that AS29809 only advertises this
particular hijacked IP block (and nothing else!) and that they on purpose
fake the traceroute to their AS to move blame away from themselves.

Just a shame that not everyone filters their customers. And although it 
has been a while, I know I've seen a route-leak from 6461 at AMS-IX.
(Probably last year sometime)

Indeed it really is a shame, especially when it's large players like Qwest
who do not filter their customers. How can you expect it from smaller
European networks, where peering seems to be a lot easier to set up...

-- 
William Leibzon
Elan Networks
william () elan net
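
The contrast drawn in the message between a permit-all policy with one block denied after a complaint and a per-customer allow-list, as an added example that is not part of the original message. AS 64500, its prefixes and the function names are constructed for illustration; only 138.252.0.0/21, 138.252.0.0/16 and AS29809 come from the message.

```python
import ipaddress

# Constructed customer registry: AS 64500 and these prefixes are documentation
# values, not data from the message. Each entry is (prefix, max prefix length).
CUSTOMER_ALLOW = {
    64500: [("192.0.2.0/24", 24), ("198.51.100.0/24", 24)],
}
# The reactive policy the message criticises: permit all, then deny the one
# block that was reported.
DENY_AFTER_COMPLAINT = [ipaddress.ip_network("138.252.0.0/16")]


def reactive_filter(prefix, origin_as):
    """Permit everything except blocks added after someone complained."""
    net = ipaddress.ip_network(prefix)
    return not any(net.subnet_of(bad) for bad in DENY_AFTER_COMPLAINT)


def allowlist_filter(prefix, origin_as):
    """Permit only prefixes registered for this customer AS, up to max length."""
    net = ipaddress.ip_network(prefix)
    for allowed, max_len in CUSTOMER_ALLOW.get(origin_as, []):
        if net.subnet_of(ipaddress.ip_network(allowed)) and net.prefixlen <= max_len:
            return True
    return False


# Constructed announcements as (prefix, origin AS); the first is the route
# shown in the "sh ip bgp" output in the message.
ANNOUNCEMENTS = [
    ("138.252.0.0/21", 29809),  # the reported block
    ("203.0.113.0/24", 29809),  # another block nobody has complained about yet
    ("192.0.2.0/24", 64500),    # registered customer prefix
    ("192.0.2.128/25", 64500),  # inside a registered block but too specific
    ("203.0.113.0/24", 64500),  # registered customer announcing an unregistered block
]


def compare():
    """Return (prefix, asn, reactive_verdict, allowlist_verdict) per announcement."""
    return [(p, a, reactive_filter(p, a), allowlist_filter(p, a))
            for p, a in ANNOUNCEMENTS]


if __name__ == "__main__":
    for prefix, asn, reactive, strict in compare():
        print(f"{prefix:18} AS{asn:<6} reactive={reactive!s:5} allowlist={strict}")
```

The reactive policy stops only the block that was already reported, while the allow-list rejects every announcement not registered for the customer, including more-specifics of a registered block.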



Current thread:
  • [no subject] Unknown (Jul 20)