Anyone notice strange announcements for 126.96.36.199/24
jbates at brightok.net
Mon Jan 12 23:32:05 UTC 2009
Paul Stewart wrote:
> The alerts we got were because our AS number was showing up somewhere
> else in the world. Whether it's "legit" IP space or not - it still
> warrants investigation on a high priority from my perspective.
Given the use of the ASN, I'm surprised that you place high priority of
it showing up in other AS Paths. Of course, I can understand the issue
of it indicates that a network has definitely isolated itself on purpose
from your network (if your network runs without a default).
I suspect part of this test is to determine if there are enough defaults
to allow traffic through even though the route isn't being processed by
certain networks (ie, it does not good to poison AS_PATH if defaults in
general will allow DOS traffic to continue).
Path poisoning has been around awhile and is even taught in classes of
some router vendors as a way to alter traffic patterns. Of course, your
AS may never have come up in such a situation. What Randy is doing, I
suspect, is seeing if it does have any applicable uses, or if their
assumptions are wrong.
> I have nothing against Randy or anyone else involved with this project
> .. to be quite honest I'd be interesting in seeing/hearing the results
> ... but I believe a more careful approach is in order with consideration
> for the folks effected.
What you request would probably cost more money and time than the
project can afford. Not saying that such time and money shouldn't be
spent, but it is what it is. For you, an email to nanog might suffice,
but I doubt that every ASN which is being path poisoned is going to have
representatives on nanog, or even reading mail at their whois contacts.
More information about the NANOG