Home page logo
/

nanog logo nanog mailing list archives

Re: Anyone notice strange announcements for 174.128.31.0/24
From: kris foster <kris.foster () gmail com>
Date: Wed, 14 Jan 2009 15:22:53 -0800


On Jan 14, 2009, at 2:52 PM, Michienne Dixon wrote:

Well, if you really want to pick knits you are welcome to.  If I meant
prepending, I would have said that. The example that I listed was
setting up a router, advertising the ASNs listed and the random IP
ranges gleaned from IANA.  Sorry if I confused you.

The point I believe John is trying to make is that *ASNs are not announced*. There are no advertisements that say "this is how to get to ASN X". BGP updates specifically announce network layer reachability.

This is an important point in this discussion. There are a lot of comments being made that are just simply wrong and causing confusion because of slips in terminology regarding the path attribute.

Kris


-----Original Message-----
From: John Payne [mailto:john () sackheads org]
Sent: Wednesday, January 14, 2009 3:57 PM
To: Michienne Dixon
Cc: NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24


On Jan 14, 2009, at 10:50 AM, Michienne Dixon wrote:


Interesting - So as a cyber criminal - I could setup a router, start
announcing AS 16733, 18872, and maybe 6966 for good measure and their
routers would ignore my announcements and IP ranges that I siphoned
from searching IANA?  Hm...  Would that also prevent them from
accessing my rogue network from their network?


What do you mean "announcing AS 16733..." ?

Putting 16733 in an AS PATH is not announcing it.





-
Michienne Dixon
Network Administrator
liNKCity
312 Armour Rd.
North Kansas City, MO  64116
www.linkcity.org
(816) 412-7990

-----Original Message-----
From: Simon Lockhart [mailto:simon () slimey org]
Sent: Wednesday, January 14, 2009 2:07 AM
To: Hank Nussbacher
Cc: NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24

On Wed Jan 14, 2009 at 09:59:14AM +0200, Hank Nussbacher wrote:
What if, by doing some research experiment, the researcher discovers
some unknown and latent bug in IOS or JunOS that causes much of the
Internet to go belly up?  1 in a billion chance, but nonetheless, a
headsup would have been in order.

Say we had a customer who connected to us over BGP, and they used some

new experimental BGP daemon. Their announcement was "odd" in some way,

but appeared clean to us (a Cisco house). Once their announcement hit
the a Foundry router, it tickled a bug which caused the router to
propogate the announcement, but also start to blackhole traffic. Oh
dear, large chunks of the Internet have just gone belly up.

Should we have given a heads up to the Internet at large that we were
turning up this customer?

Simon
(Yes, I'm in the minority that thinks that Randy hasn't done anything
bad)
--

Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration
*
 Director    |    * Domain & Web Hosting * Internet Consultancy *
Bogons Ltd   | * http://www.bogons.net/  *  Email: info () bogons net  *







  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault