Anyone notice strange announcements for 174.128.31.0/24

• Previous message (by thread): Anyone notice strange announcements for 174.128.31.0/24
• Next message (by thread): Anyone notice strange announcements for 174.128.31.0/24
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 13/01/2009, at 12:32 PM, Jack Bates wrote:

> I suspect part of this test is to determine if there are enough  
> defaults to allow traffic through even though the route isn't being  
> processed by certain networks (ie, it does not good to poison  
> AS_PATH if defaults in general will allow DOS traffic to continue).


A suggestion I made to Randy at APRICOT in early 2007 when he was  
presenting his BGP beacon bogon filter detection stuff[1] was that he  
could use AS_PATH poisoning to detect broken filters and topology  
between two ASes, not just the best route back to him from each AS.

I think he thought it was a silly idea at the time, probably because  
of the massive amount of BGP updates that it would need. Maybe he  
changed his mind?

But yes, your suggestion seems reasonable as well - detect the  
existence of access lists, as opposed to prefix lists. The  
announcement is required to all the intermediary ASNs because of uRPF.

--
Nathan Ward

[1] http://www.apricot.net/apricot2007/presentation/conference/plenary3-randy-bogon.pdf

• Previous message (by thread): Anyone notice strange announcements for 174.128.31.0/24
• Next message (by thread): Anyone notice strange announcements for 174.128.31.0/24
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]