Home page logo
/

nanog logo nanog mailing list archives

Re: Anyone notice strange announcements for 174.128.31.0/24
From: Jack Bates <jbates () brightok net>
Date: Mon, 12 Jan 2009 17:32:05 -0600

Paul Stewart wrote:
The alerts we got were because our AS number was showing up somewhere
else in the world.  Whether it's "legit" IP space or not - it still
warrants investigation on a high priority from my perspective.


Given the use of the ASN, I'm surprised that you place high priority of it showing up in other AS Paths. Of course, I can understand the issue of it indicates that a network has definitely isolated itself on purpose from your network (if your network runs without a default).

I suspect part of this test is to determine if there are enough defaults to allow traffic through even though the route isn't being processed by certain networks (ie, it does not good to poison AS_PATH if defaults in general will allow DOS traffic to continue).

Path poisoning has been around awhile and is even taught in classes of some router vendors as a way to alter traffic patterns. Of course, your AS may never have come up in such a situation. What Randy is doing, I suspect, is seeing if it does have any applicable uses, or if their assumptions are wrong.

I have nothing against Randy or anyone else involved with this project
.. to be quite honest I'd be interesting in seeing/hearing the results
... but I believe a more careful approach is in order with consideration
for the folks effected.

What you request would probably cost more money and time than the project can afford. Not saying that such time and money shouldn't be spent, but it is what it is. For you, an email to nanog might suffice, but I doubt that every ASN which is being path poisoned is going to have representatives on nanog, or even reading mail at their whois contacts.


Jack


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault