nanog mailing list archives

Re: So -- what did happen to Panix?
From: bmanning () vacation karoshi com
Date: Fri, 27 Jan 2006 17:43:53 +0000


On Fri, Jan 27, 2006 at 11:39:27AM -0500, Joe Abley wrote:

On 27-Jan-2006, at 11:12, bmanning () vacation karoshi com wrote:

    but by definition, the right-most entry is the prefix origin...

Suppose AS 9327 decides to originate 198.32.6.0/24, but prepends 4555  
to the AS_PATH as it does so. Suppose 9327 uses a transit provider  
which builds prefix filters from the IRR, and the "as9327" aut-num  
object is modified to include policy which suggests 9327 provides  
transit for 4555. Suppose this is not actually the case, though, and  
in fact 9327 is a rogue AS which is trying to capture 4555's traffic.

The rest of the world sees a prefix with an AS_PATH attribute which  
ends with "9327 4555".

In this case, from the point of view of those trying to discern  
legitimacy of advertisements, what is the origin of the prefix? Is it  
4555, or 9327?


        from BGP's perspective, you tell me.  being the naive BGP
        listen/speaker - i think that AS 4555 is the origin.

        now... what does  Prefix 198.32.6.0/24 say is the correct
        origin?  

Is it possible to tell, from just the right-most entry in the AS_PATH  
attribute?

        nope - but you have jumped right into the path question.
        (what does the as4555 aut-num object say about using 9327
        as an upstream AS?)

        
Joe

[note: 9327 is not a rogue AS, in fact. This is just hypothetical :-)]

        sez you :) (reminder to send Cingular the royalty check if you
        receive the above two characters ":" and ")" as listed above
        AND you chose to infer mood or intent.)

        I think -all- AS are run by rogues and pirates.

-- (headless) bill
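
Added example, not part of the original message: a Python sketch of the two checks the thread distinguishes, an origin check on the right-most AS_PATH entry and a path check on the AS adjacent to it, using the origin's own aut-num policy. The registry contents, the neighbour AS 64500 (a documentation ASN), the observer AS 64501 and all function names are assumptions constructed for the thread's hypothetical.

```python
# Constructed registry data for the thread's hypothetical; not real IRR contents.
# route objects: prefix -> AS numbers registered as its origin
ROUTE_ORIGINS = {"198.32.6.0/24": {4555}}
# Neighbours named in each origin's OWN aut-num policy (64500 is a documentation ASN)
ORIGIN_NEIGHBOURS = {4555: {64500}}


def collapse_prepends(as_path):
    """Drop consecutive repeats so prepending does not hide the real adjacency."""
    out = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def check_announcement(prefix, as_path):
    """Check the origin, then the AS next to it, against registry data.

    as_path is ordered as received: nearest AS first, origin right-most.
    """
    path = collapse_prepends(as_path)
    if not path:
        raise ValueError("empty AS_PATH")
    origin = path[-1]
    origin_ok = origin in ROUTE_ORIGINS.get(prefix, set())
    # The AS adjacent to the origin must be one the origin itself names.
    # The adjacent AS's aut-num is not consulted: in the hypothetical that is
    # the object the rogue AS edited.
    neighbour = path[-2] if len(path) > 1 else None
    adjacency_ok = neighbour is None or neighbour in ORIGIN_NEIGHBOURS.get(origin, set())
    return {"origin": origin, "origin_ok": origin_ok,
            "neighbour": neighbour, "adjacency_ok": adjacency_ok}


if __name__ == "__main__":
    for path in ([64501, 9327, 4555], [64501, 64500, 4555, 4555], [64501, 9327]):
        print(path, check_announcement("198.32.6.0/24", path))
```

The path ending in "9327 4555" passes the origin check and fails only the adjacency check, which is the gap the exchange above points at.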

