Public shaming list for ISPs announcing other ISPs IP space by mistake

Patrick W. Gilmore patrick at ianai.net
Wed Aug 13 15:52:46 CDT 2008


On Aug 13, 2008, at 4:48 PM, Jared Mauch wrote:
> On Wed, Aug 13, 2008 at 10:04:27PM +0200, Mikael Abrahamsson wrote:
>>
>> The italian courts seem to have told ISPs there to block ThePirateBay
>> (bittorrent tracker), and this evening (CET) LLNW (AS22822)  
>> originated
>> 88.80.6.0/24 via 6762 (telecom italia) to what I presume is most of
>> Europe.
>>
>> Basically same thing that happened when people tried to block  
>> YouTube a
>> few months back (afghanistan?).
>>
>> How do we hinder this in the short term? I know there are a lot of  
>> long
>> term solutions that very few is implementing, but would the fact that
>> these mistakes are brought up into the (lime)light by a public  
>> shaming
>> list make ISPs shape up and perform less mistakes?
>>
>> I am still waiting for a response from LLNW NOC on the issue.
>
> 	Sure.  I'd also like to see providers actually just shut
> off customers that originate stuff like ms-sql slammer
> packets still.  But it keeps flowing.  I'm sure there are
> smurf amps and other badness still going.  codered anyone?
>
> 	these are all issues, but operational?  depends.

I beg to differ, this is absolutely operational.


> If LLNW is not being filtered by telecom italia, time for
> 6762 to fix that.  If they persist, will you depeer them
> as a security risk until they clean up their act?

De-peering won't help if someone is propagating it as a transit  
customer route.  Filtering the prefix is all you can do.

-- 
TTFN,
patrick

P.S. Obligatory BCP38 shout-out, even though it's not exactly on- 
point. :-)



> 	I'm still amazed at the AS_PATHs that appear
> out there and the providers that can't figure out how to
> route.
>
> 	Why AS174 would listen to 3549 routes from AS12713
> is beyond me, but it's there.[1]
>
> 221.134.222.0/24 1280 174 12713 3549 2914 9498 9583
>
>
> 	- jared
>
> 1 - http://puck.nether.net/bgp/leakinfo.cgi
>  - http://puck.nether.net/bgp/stats.cgi?days=3
>
>
> -- 
> Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> clue++;      | http://puck.nether.net/~jared/  My statements are  
> only mine.
>





More information about the NANOG mailing list