Packet Kiddies Invade NANOG

Stephen J. Wilcox steve at telecomplete.co.uk
Tue Mar 16 11:54:08 UTC 2004


On Tue, 16 Mar 2004, Michael.Dillon at radianz.com wrote:

> People should be worried about stuff like this.  Banetele is a
> facilities-based network operator in Norway and these guys are directly
> attacking their BGP sessions to put them off the air.

Can anyone from Banetele/who knows Banetele confirm this attack took place?

Steve

> Assuming that they are not sourcing the attacks
> in Banetele's AS, then you, the peer of Banetele
> are delivering the packet stream that kills the
> BGP session. How long before peering agreements
> require ACLs in border routers so that only BGP 
> peering routers can source traffic destined to
> your BGP speaking routers?
> 
> (08:48:02) <#sigdie!OseK_> i just collapsed banetele's BGP announcement
> (08:48:43) <#sigdie!p> i dunno banetele looks dead
> (08:48:48) <#sigdie!p> or maybe im just lagging
> (08:49:00) <#sigdie!OseK_> ... BitchX: Sent server ping to [irc.banetele.no]
> (08:49:00) <#sigdie!OseK_> ... Server pong from irc.banetele.no 0.8224 seconds
> (08:49:12) <#sigdie!p> bash-2.05a$ telnetirc.banetele.no 6667
> (08:49:13) <#sigdie!p> Trying 213.239.111.2...
> (08:49:16) <#sigdie!OseK_> thats cuz I collapsed their BGP announcement by nailing their router head on
> (08:49:26) <#sigdie!OseK_> but they have a secondary route to efnet
> (08:49:30) <#sigdie!_mre|42o> BGP announcement?
> (08:49:31) <#sigdie!OseK_> thru their multihomed connection
> (08:49:32) <#sigdie!OseK_> yeah
> (08:49:37) <#sigdie!OseK_> they have a collapsable route
> (08:49:44) <#sigdie!OseK_> using the border gateway protocl
> (08:49:54) <#sigdie!OseK_> hey have to announce to a pool
> (08:49:58) <#sigdie!OseK_> in order to establish their route
> (08:50:07) <#sigdie!OseK_> but if thye get hit enough their router drops the announcements
> (08:50:10) <#sigdie!OseK_> and they lose their routes
> (08:50:14) <#sigdie!OseK_> its wierd
> (08:50:21) <#sigdie!OseK_> i dont quite understand how it works myself