Anyone notice strange announcements for 220.127.116.11/24
nanog at daork.net
Mon Jan 12 18:05:27 CST 2009
On 13/01/2009, at 12:32 PM, Jack Bates wrote:
> I suspect part of this test is to determine if there are enough
> defaults to allow traffic through even though the route isn't being
> processed by certain networks (ie, it does not good to poison
> AS_PATH if defaults in general will allow DOS traffic to continue).
A suggestion I made to Randy at APRICOT in early 2007 when he was
presenting his BGP beacon bogon filter detection stuff was that he
could use AS_PATH poisoning to detect broken filters and topology
between two ASes, not just the best route back to him from each AS.
I think he thought it was a silly idea at the time, probably because
of the massive amount of BGP updates that it would need. Maybe he
changed his mind?
But yes, your suggestion seems reasonable as well - detect the
existence of access lists, as opposed to prefix lists. The
announcement is required to all the intermediary ASNs because of uRPF.
More information about the NANOG