Anyone notice strange announcements for 174.128.31.0/24
Jack Bates
jbates at brightok.net
Tue Jan 13 00:33:17 UTC 2009
Nathan Ward wrote:
> A suggestion I made to Randy at APRICOT in early 2007 when he was
> presenting his BGP beacon bogon filter detection stuff[1] was that he
> could use AS_PATH poisoning to detect broken filters and topology
> between two ASes, not just the best route back to him from each AS.
I think a lot of the work done actually provided good results. AS_PATH
poisoning might have provided a few more clues on the return path.
One thing I didn't see in the interpretation was that while some AS's
were inconsistent with outbound probes, this leads one to believe that
the IPs selected for the probes were most likely firewalls providing
bogon filtering, and not bogon-filtering at an AS level.
Having dealt with quite a few reachability issues in 69/8, I got to talk
to some really redneck organizations that barely knew a thing about
their firewall.
This promises to be a much more interesting study, though I suspect it's
heavily scoped due to the time it takes to run tests without being
dampened. I presume there's at least one route acting as an anchor to
detect dampening. If not, we can send Randy off to do it again. ;)
Jack
More information about the NANOG
mailing list