not rewriting next-hop, pointing default, ...
Naiming Shen
nshen at mci.net
Fri Sep 12 14:00:23 UTC 1997
Ha, it's amazing how fast people learn when they have to. Yesterday
someone send us a traceroute:
% traceroute -g 192.41.177.98 www.mci.net
....
6 core1-hssi3-0-gw.Washington.mci.net (204.70.1.222) 246 ms core5-hssi6-0-gw.
Washington.mci.net (204.70.1.22) 19 ms 10.11.2.45 (10.11.2.45) 9 ms
7 mae-east-01.ix.ai.net (192.41.177.98) 175 ms 124 ms *
8 mae-east-plusplus.washington.mci.net (192.41.177.181) 557 ms 591 ms
9 core2-hssi2-0.Washington.mci.net (204.70.1.213) 643 ms core4-hssi1-0.Washin
gton.mci.net (204.70.1.17) 614 ms core2-hssi2-0.Washington.mci.net (204.70.1.21
3) 499 ms
....
But, when "traceroute -g" is dead, "ping-pong" trace is another friend:
configure one ip static route you know they should not directly come to
you, and trace on that, this is the trace after someone "reconfigured"
their router last night:
#sh ip route 204.70.101.101
Routing entry for 204.70.101.101/32
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
* 192.41.177.98
Route metric is 0, traffic share count is 1
#trace 204.70.101.101
Type escape sequence to abort.
Tracing the route to 204.70.101.101
1 mae-east-01.ix.ai.net (192.41.177.98) 16 msec 16 msec 16 msec
2 mae-east-plusplus.washington.mci.net (192.41.177.181) 16 msec 4 msec 4 msec
3 mae-east-01.ix.ai.net (192.41.177.98) 12 msec 4 msec 4 msec
4 mae-east-plusplus.washington.mci.net (192.41.177.181) 24 msec 24 msec 20 msec
5 mae-east-01.ix.ai.net (192.41.177.98) 36 msec 44 msec 36 msec
6 mae-east-plusplus.washington.mci.net (192.41.177.181) 36 msec 48 msec 44 msec
7 mae-east-01.ix.ai.net (192.41.177.98) 60 msec 64 msec 64 msec
8 mae-east-plusplus.washington.mci.net (192.41.177.181) 60 msec 68 msec 64 msec
9 mae-east-01.ix.ai.net (192.41.177.98) 64 msec 76 msec *
10 *
mae-east-plusplus.washington.mci.net (192.41.177.181) 40 msec 36 msec
11 mae-east-01.ix.ai.net (192.41.177.98) 44 msec 44 msec 32 msec
Please figure out a way to defeat this!
Then of course you have netflow to tell you the source ip addresses of
the traffic, you have the mean of packet filtering, rate-limit on
mac addresses, null our their networks, etc...
these are all Cxxxx related, don't know if Bxx and Axxxxx routers have
similar features or not.
definitely more fun than watch 2 hours 90210 special;-)
>[In the message entitled "Re: not rewriting next-hop, pointing default, ..."
on Sep 11, 15:23, Randy Bush writes:]
>> >> no neighbor 192.41.177.73
>> > they should not care if you peer with them or not, they can have
>> > the upstream provider to give them your routes, then:
>> > !
>> > set nexthop 192.41.177.121
>>
>> Yes, folk seem to be doing this kind of thing, as shocking and disgusting a
s
>> it seems.
>
>Hey, at least they know how to configure routers, now. Give them
>points for that, at least :-)
>
>above.net$ traceroute -g 192.41.177.98 www.mci.net
>traceroute to www.mci.net (204.70.133.140): 1-30 hops, 78 byte packets
> 1 gate-96.sjc.above.net (207.126.96.161) 2.16 ms 3.92 ms 2.53 ms
> 2 mae-west-T3-2.above.net (207.126.96.238) 4.85 ms mae-west-T3-1.above.ne
t (
>207.126.96.245) 4.77 ms mae-west-T3-2.above.net (207.126.96.238) 3.32 ms
> 3 mae-east-oc3.above.net (207.126.96.66) 74.0 ms 78.1 ms 122 ms
> 4 mae-east-01.ix.ai.net (192.41.177.98) 81.0 ms !S * 87.9 ms !S
>
>--
>Dave Rand
>dlr at bungi.com
>http://www.bungi.com
-------------------------------------------------------------------
- Naiming Shen MCI
- MCI Internet Engineering 2100 Reston Parkway
- +1 703-715-7056 fax:703-715-7066 v272-7056 Reston, VA 20191
More information about the NANOG
mailing list