Public shaming list for ISPs announcing other ISPs IP space by mistake
jared at puck.nether.net
Wed Aug 13 16:20:47 CDT 2008
On Wed, Aug 13, 2008 at 05:09:54PM -0400, Sean Donelan wrote:
> On Wed, 13 Aug 2008, Mikael Abrahamsson wrote:
>> We have prefix-filters on our customer bgp sessions, so that should be
>> fairly safe, but I see no good way of doing this towards peers as there
>> is no uniform way of doing this, and there is no industry consenus how
>> it should be done.
> Read your peering contract with the other ISP. It should cover what to do
> if this happens.
> What? you don't have a peering contract with the other ISP. Well I guess
> there is no requirement to keep the peering session established if the
> peer does stuff you don't want on your network.
> If it hurts when you do something, why do you keep doing it?
1) I didn't mean to call out any specific provider, we all
have challenges. Sorry to my friends at Cogent that may have been
2) I think some people have been a bit too lax in enforcing
their peering policies on this topic. Letting something leak for a few
hours may not matter much for some small business or corner of the world.
Leaking something important, or being nasty with it could be really bad.
Imagine instead of spoofing some nameserver, annoucing the space and
being rogue long enough to push out some huge TTL. Take whitehouse.gov
out for the next 30 days..
Would make life interesting. I can think of other badness to do
but won't enumerate it here.
- Jared (dinner time!)
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the NANOG