Revealed: The Internet's well known BGP behavior

John Lee john at
Wed Aug 27 23:32:03 CDT 2008

Thanks guys, going back to my Comer one more time. My issue, question was whether the organization doing the hijacking controlled all of the routers in the new modified path or only some of them?

John (ISDN) Lee

From: Patrick W. Gilmore [patrick at]
Sent: Thursday, August 28, 2008 12:10 AM
To: NANOG list
Subject: Re: Revealed: The Internet's well known BGP behavior

On Aug 27, 2008, at 11:47 PM, John Lee wrote:

> The traceroute utility that I used gave me a list of hops that the
> packet I was interested in transited and a time when it transited
> the hop. When the TTL was reached it would terminate the listing.

You are very confused how traceroute works.

Being confused is fine.  Lots of people are confused & ignorant.  In
fact, everyone is ignorant about more things than they are educated
about.  However, when people like Adrian, who are clearly more versed
in the technology than you are, try to educate you, ignoring his kind
help and repeating your confusion to 10s of 1000s of your not-so-close
friends is not fine.

Please read Adrian's post again, read about traceroute, and try not to
post until you have understood them.  (To be clear, if you come to the
conclusion you are right and Adrian is wrong it means you have _not_
understood them.)

> When ever I had performance issues on my networks or with my
> networks links it would indicate if the standard route was being
> taken or another one. When certain links went down several
> additional hops would be added to the list.

The fact you do not understand how traceroute works makes it obvious
why you misunderstand how to diagnosis something from that lack of

>> VPN's and MPLS control intermediate hops and IPsec and SSL do not
>> allow the info to be seen.

"VPNs" do no such thing.  To prove this to yourself, realize that
IPsec and SSL are both types of "VPNs".

Encrypting the data is very useful.  Hell, Anthony & Alex say so
themselves.  But that wasn't the point of the presentation.  (And
we'll ignore the fact that the size, speed, and even existence of a
data stream - encrypted or not - might be useful information to a

Lastly, can you show me a single inter-AS MPLS deployment?  When you
can, then you can use that as a method to avoid this h4x0r.


More information about the NANOG mailing list