Home page logo
/

nanog logo nanog mailing list archives

Re: Anyone notice strange announcements for 174.128.31.0/24
From: Nathan Ward <nanog () daork net>
Date: Tue, 13 Jan 2009 13:05:27 +1300

On 13/01/2009, at 12:32 PM, Jack Bates wrote:

I suspect part of this test is to determine if there are enough defaults to allow traffic through even though the route isn't being processed by certain networks (ie, it does not good to poison AS_PATH if defaults in general will allow DOS traffic to continue).


A suggestion I made to Randy at APRICOT in early 2007 when he was presenting his BGP beacon bogon filter detection stuff[1] was that he could use AS_PATH poisoning to detect broken filters and topology between two ASes, not just the best route back to him from each AS.

I think he thought it was a silly idea at the time, probably because of the massive amount of BGP updates that it would need. Maybe he changed his mind?

But yes, your suggestion seems reasonable as well - detect the existence of access lists, as opposed to prefix lists. The announcement is required to all the intermediary ASNs because of uRPF.

--
Nathan Ward

[1] http://www.apricot.net/apricot2007/presentation/conference/plenary3-randy-bogon.pdf


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault