Packet Kiddies Invade NANOG
Stephen J. Wilcox
steve at telecomplete.co.uk
Tue Mar 16 11:54:08 UTC 2004
On Tue, 16 Mar 2004, Michael.Dillon at radianz.com wrote:
> People should be worried about stuff like this. Banetele is a
> facilities-based network operator in Norway and these guys are directly
> attacking their BGP sessions to put them off the air.
Can anyone from Banetele/who knows Banetele confirm this attack took place?
Steve
> Assuming that they are not sourcing the attacks
> in Banetele's AS, then you, the peer of Banetele
> are delivering the packet stream that kills the
> BGP session. How long before peering agreements
> require ACLs in border routers so that only BGP
> peering routers can source traffic destined to
> your BGP speaking routers?
>
> (08:48:02) <#sigdie!OseK_> i just collapsed banetele's BGP announcement
> (08:48:43) <#sigdie!p> i dunno banetele looks dead
> (08:48:48) <#sigdie!p> or maybe im just lagging
> (08:49:00) <#sigdie!OseK_> ... BitchX: Sent server ping to [irc.banetele.no]
> (08:49:00) <#sigdie!OseK_> ... Server pong from irc.banetele.no 0.8224 seconds
> (08:49:12) <#sigdie!p> bash-2.05a$ telnetirc.banetele.no 6667
> (08:49:13) <#sigdie!p> Trying 213.239.111.2...
> (08:49:16) <#sigdie!OseK_> thats cuz I collapsed their BGP announcement by nailing their router head on
> (08:49:26) <#sigdie!OseK_> but they have a secondary route to efnet
> (08:49:30) <#sigdie!_mre|42o> BGP announcement?
> (08:49:31) <#sigdie!OseK_> thru their multihomed connection
> (08:49:32) <#sigdie!OseK_> yeah
> (08:49:37) <#sigdie!OseK_> they have a collapsable route
> (08:49:44) <#sigdie!OseK_> using the border gateway protocl
> (08:49:54) <#sigdie!OseK_> hey have to announce to a pool
> (08:49:58) <#sigdie!OseK_> in order to establish their route
> (08:50:07) <#sigdie!OseK_> but if thye get hit enough their router drops the announcements
> (08:50:10) <#sigdie!OseK_> and they lose their routes
> (08:50:14) <#sigdie!OseK_> its wierd
> (08:50:21) <#sigdie!OseK_> i dont quite understand how it works myself
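
The filtering policy raised in the quoted message (only BGP peering routers may source traffic destined to BGP-speaking routers), modeled here as an added example that is not part of the original thread. The addresses are constructed documentation-range values, and `Packet`, `border_acl` and `evaluate` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass

BGP_PORT = 179

# Constructed sample values (RFC 5737 documentation ranges), not from the post.
ROUTER_ADDRS = {ipaddress.ip_address("192.0.2.1")}       # our BGP-speaking interface
BGP_PEERS = {ipaddress.ip_address("198.51.100.7"),       # configured BGP neighbours
             ipaddress.ip_address("203.0.113.9")}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0


def border_acl(pkt: Packet) -> str:
    """Return 'permit' or 'deny' for a packet arriving on a peering interface."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if dst not in ROUTER_ADDRS:
        return "permit"          # transit traffic through the router is untouched
    if src in BGP_PEERS and pkt.proto == "tcp":
        # Either side may open the session, so a peer's packets carry port 179
        # as destination (peer initiated) or as source (we initiated).
        if pkt.dport == BGP_PORT or pkt.sport == BGP_PORT:
            return "permit"
    return "deny"                # everything else addressed to the router itself


def evaluate(packets):
    """Apply the ACL to a list of packets and return the decisions in order."""
    return [border_acl(p) for p in packets]


# Constructed packets: two legitimate BGP directions, then non-peer traffic.
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.1", "tcp", 40000, 179),
    Packet("198.51.100.7", "192.0.2.1", "tcp", 179, 40000),
    Packet("10.9.9.9", "192.0.2.1", "tcp", 40000, 179),
    Packet("10.9.9.9", "192.0.2.1", "udp", 53, 53),
    Packet("10.9.9.9", "192.0.2.55", "tcp", 40000, 80),
]
```

This policy trusts the source address, so it belongs alongside anti-spoofing filters at the network edge.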