Deaggregating for emergency purposes

Tue Aug 6 15:53:35 UTC 2002

On Tue, Aug 06, 2002 at 03:59:50AM -0400, Omachonu Ogali wrote:
> 
> What about announcing and registering with your IRR, more-specific
> routes for the period that the problem ONLY exists, instead of being
> lazy?

Secondly, show me a ISP that updates their filters with IRR
data every 60 seconds. So even if you do pollute the IRRs,
it won't hit filters until the next morning, and during that
period you could have fired off 2390573295827598 e-mails to
3472398473298 of their upstreams (assuming this is a large
misconfigured network).

> If all else fails, break out Outlook and your favorite translator,
> because last time I checked, speaking English was not a requirement
> to run a network. Even if most of you do, this is not a "Majority
> Rules" situation.
> 
> On Mon, Aug 05, 2002 at 10:47:33PM -0700, john at chagresventures.com wrote:
> > 
> > get on the bandwaggon that filtering is a good thing ?? :)
> > 
> > at some point some transit is going to listen and drop the announcement.
> > 
> > Lets take an example.  Deep Dark middle of asia, someone starts announcing
> > a /24 of yours.  Their upstream takes the packet, and so forth.  At some point
> > they will touch a NSP or ISP (international service provider) and you can get
> > things dropped their.
> 
> Yes. End of story. Go directly to the finish diamond at the end of
> your flowchart. If the next step in your flowchart is "pollute IRRs
> with 3592375238957235893275839572 /32s", please return your maintainer
> object.
>  
> > Your pushing out a /24 will help slurp some of the traffic towards you,
> > but not all.
> > 
> > Personally I have deagged some prefixes to cause a DOS/DDOS towards a 
> > particular address to route down a slow connection I had.  Sacrifice
> > one link, to keep customers running on the others.  But thats different.
> 
> Yes, but you removed it later on, correct?
>  
> > Its about networking, the people kind, at this point.
> > 
> > cheers
> > 
> > john brown
> > chagres technologies, inc
> > 
> > On Mon, Aug 05, 2002 at 09:00:55PM -0400, Phil Rosenthal wrote:
> > > 
> > > But the question is, what do you do if it's coming from somewhere with a
> > > difficult to contact NOC, and their upstream is difficult to contact as
> > > well?
> > > 
> > > --Phil
> > > 
> > > -----Original Message-----
> > > From: John M. Brown [mailto:jmbrown at ihighway.net] 
> > > Sent: Monday, August 05, 2002 8:12 PM
> > > To: Phil Rosenthal
> > > Cc: nanog at merit.edu
> > > Subject: Re: Deaggregating for emergency purposes
> > > 
> > > 
> > > Hmm, this would be a "Bad Idea" (TM) (C) 2002, DMCA Protected
> > > 
> > > Having had this happen to me several different times, I'd have to 
> > > recommend, calling the NOC of the advertising party. as the pref'd way
> > > of handling it.
> > > 
> > > On Mon, Aug 05, 2002 at 06:41:22PM -0400, Phil Rosenthal wrote:
> > > > 
> > > > I am currently announcing only my aggregate routes, but I have lately 
> > > > thought about the possibility of someone mistakenly, or maliciously, 
> > > > announcing more specifics from my space. The best solution for an 
> > > > emergency response to that (that I can think of), is registering all 
> > > > of the /24's that make up my network, so if someone should announce a 
> > > > more-specific, I can always announce the most specific that would be 
> > > > accepted (assuming they don't announce the /24's too, it should be a 
> > > > problem avoided)
> > > > 
> > > > Does anyone else have any other ideas on ways to quickly deal with 
> > > > someone else announcing your more specifics, since contacting their 
> > > > NOC is likely going to take a long time...
> > > > 
> > > > --Phil
> > > > 
> > > 
> 
> -- 
> Omachonu Ogali
> missnglnk at informationwave.net
> http://www.informationwave.net

-- 
Omachonu Ogali
missnglnk at informationwave.net
http://www.informationwave.net