Anyone notice strange announcements for 174.128.31.0/24

Jack Bates jbates at brightok.net
Mon Jan 12 17:32:05 CST 2009


Paul Stewart wrote:
> The alerts we got were because our AS number was showing up somewhere
> else in the world.  Whether it's "legit" IP space or not - it still
> warrants investigation on a high priority from my perspective.
> 

Given the use of the ASN, I'm surprised that you place high priority on 
it showing up in other AS Paths. Of course, I can understand the issue 
if it indicates that a network has definitely isolated itself on purpose 
from your network (if your network runs without a default).

I suspect part of this test is to determine if there are enough defaults 
to allow traffic through even though the route isn't being processed by 
certain networks (i.e., it does no good to poison AS_PATH if defaults in 
general will allow DoS traffic to continue).

Path poisoning has been around a while and is even taught in classes of 
some router vendors as a way to alter traffic patterns. Of course, your 
AS may never have come up in such a situation. What Randy is doing, I 
suspect, is seeing if it does have any applicable uses, or if their 
assumptions are wrong.

> I have nothing against Randy or anyone else involved with this project
> .. to be quite honest I'd be interested in seeing/hearing the results
> ... but I believe a more careful approach is in order with consideration
> for the folks affected.  
> 

What you request would probably cost more money and time than the 
project can afford. Not saying that such time and money shouldn't be 
spent, but it is what it is. For you, an email to nanog might suffice, 
but I doubt that every ASN which is being path poisoned is going to have 
representatives on nanog, or even reading mail at their whois contacts.


Jack
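
The kind of alert discussed in this message (an operator's ASN showing up in AS paths elsewhere) can be sketched as a check on where the monitored ASN sits in each received AS_PATH. This is an added example, not part of the original thread; the ASNs (documentation range), the neighbor list, the sample AS paths and the function names are constructed assumptions.

```python
import ipaddress

MY_ASN = 64496                                        # constructed (documentation ASN)
MY_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]  # constructed
MY_NEIGHBORS = {64497, 64498}                         # constructed: real BGP adjacencies

def parse_as_path(text):
    """'64500 64496 64496 64500' -> [64500, 64496, 64500]; prepends collapsed."""
    path = []
    for tok in text.replace("{", " ").replace("}", " ").replace(",", " ").split():
        asn = int(tok)
        if not path or path[-1] != asn:
            path.append(asn)
    return path

def classify(prefix, as_path_text):
    """Classify one received route by where MY_ASN sits in its AS_PATH."""
    net = ipaddress.ip_network(prefix)
    path = parse_as_path(as_path_text)
    if MY_ASN not in path:
        return "ignore"
    ours = any(net.version == p.version and net.subnet_of(p) for p in MY_PREFIXES)
    if path[-1] == MY_ASN:                 # rightmost AS is the origin
        return "ok-own-origin" if ours else "alert-foreign-prefix-our-origin"
    # We appear mid-path: every AS next to us must be one we really peer with.
    adjacent = set()
    for i, asn in enumerate(path):
        if asn == MY_ASN:
            adjacent.update(path[max(i - 1, 0):i] + path[i + 1:i + 2])
    return "ok-transit" if adjacent <= MY_NEIGHBORS else "alert-asn-inserted"

# Constructed sample updates as (prefix, AS_PATH) seen at a remote collector.
SAMPLE_UPDATES = [
    ("174.128.31.0/24", "64499 64500 64496 64500"),   # our ASN between non-neighbors
    ("192.0.2.0/24", "64499 64497 64496 64496"),      # our own prefix, prepended
    ("198.51.100.0/24", "64499 64497 64496 64498"),   # genuine transit via neighbors
    ("198.51.100.0/24", "64499 64496"),               # foreign prefix, our ASN as origin
    ("203.0.113.0/24", "64499 64500"),                # unrelated
]

def alerts(updates):
    """Return (prefix, as_path, verdict) for every update that warrants a look."""
    return [(p, a, c) for p, a in updates if (c := classify(p, a)).startswith("alert")]

if __name__ == "__main__":
    for row in alerts(SAMPLE_UPDATES):
        print(row)
```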



