Kenyan Route Hijack

Christopher Morrow morrowc.lists at gmail.com
Sun Mar 16 06:36:05 UTC 2008


On Sun, Mar 16, 2008 at 2:07 AM, Glen Kent <glen.kent at gmail.com> wrote:
>
>  Paul,
>
>
>  >  Also: I have seen instances where a static route points to a next
>  >  hop that (inadvertently) may be "redistribute-static" injected into
>  >  BGP. This happens occasionally due to ad hoc configurations,
>  >  black-hole null routing, etc.
>
>  And why would an ISP locally try to blackhole traffic bound to some
>  other legitimate address space? Wouldn't this result in this service

I think it was Abovenet that blackholed a /24 of (I want to say MAPS,
but that's not right) an anti-spam-RBL sometime pre-1999?

>  provider's customers to lose connectivity to whatever websites fall
>  behind the IP address block in question? Or is that the intention?
>

perhaps they had a significant number of complaints about the address
block and no reaction from the owner(s)? or the address block (or
hosts in it) were scanning their infrastructure, or dos'ing it or???
There are a whole host of reasons one might conjecture. In ALL cases
you'd never put in a /24 but a pair of /25 so that you didn't become
the best path for the rest of the internets...

>  If it's done intentionally then it would only make sense if there's a
>  DOS attack coming from that address block, or if there's something

dos attack mitigation works best on destinations, not sources...
urpf-loose aside a filter would have solved that form of problem
quicker.

>  "blasphemous" put up there. If none of these, then why locally
>  blackhole traffic?
>

once upon a time we had a noc person null route a 210.x.x.0/24 block
because someone used their email address in the 'from' for a spam
run... a swift 'discussion' ensued and they learned there was a better
solution to their problem. (swift after the owners of the ip space got
a little irate :( )

-Chris
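
The /24 versus pair-of-/25s point above, as an added example that is not part of the original post: a small Python model of what happens when a local null route leaks into BGP. The prefix 203.0.113.0/24 is a constructed documentation block, the function names are hypothetical, and the peer filter that drops IPv4 prefixes longer than /24 is an assumption about common practice, not something stated in the thread.

```python
import ipaddress

PEER_MAX_PREFIXLEN = 24  # assumption: peers drop IPv4 prefixes longer than /24

def null_routes(block, split):
    """Static null routes for `block`: the block itself, or its two halves."""
    net = ipaddress.ip_network(block)
    return list(net.subnets(prefixlen_diff=1)) if split else [net]

def locally_blackholed(routes, addr):
    """Local forwarding: any covering null route drops the packet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in r for r in routes)

def accepted_by_peer(leaked, max_len=PEER_MAX_PREFIXLEN):
    """Leaked routes that survive the peer's inbound prefix-length filter."""
    return [r for r in leaked if r.prefixlen <= max_len]

def remote_outcome(leaked, legit, addr, max_len=PEER_MAX_PREFIXLEN):
    """Which announcement a remote router uses for `addr` (inside `legit`).

    'legit'     - only the owner's route applies
    'contested' - same prefix length, BGP attributes decide (partial hijack)
    'leak'      - the leaked route is more specific and wins everywhere
    """
    ip = ipaddress.ip_address(addr)
    legit_len = ipaddress.ip_network(legit).prefixlen
    lens = [r.prefixlen for r in accepted_by_peer(leaked, max_len) if ip in r]
    if not lens or max(lens) < legit_len:
        return "legit"
    return "leak" if max(lens) > legit_len else "contested"

def demo():
    block = "203.0.113.0/24"  # constructed documentation prefix
    whole, halves = null_routes(block, False), null_routes(block, True)
    return {
        "local_whole": locally_blackholed(whole, "203.0.113.200"),
        "local_halves": locally_blackholed(halves, "203.0.113.200"),
        "leak_whole": remote_outcome(whole, block, "203.0.113.200"),
        "leak_halves": remote_outcome(halves, block, "203.0.113.200"),
        # Same leak toward a peer with no length filter (max_len=32)
        "leak_halves_unfiltered": remote_outcome(halves, block, "203.0.113.200", 32),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last case shows the limit of the approach: the /25 pair is only safer when the neighbours filter on prefix length, so an outbound filter on what gets redistributed into BGP is still needed.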


