Anyone notice strange announcements for 174.128.31.0/24

John Payne john at sackheads.org
Thu Jan 15 12:45:26 UTC 2009


On Jan 14, 2009, at 6:22 PM, kris foster wrote:

>
> On Jan 14, 2009, at 2:52 PM, Michienne Dixon wrote:
>
>> Well, if you really want to pick knits you are welcome to.  If I  
>> meant
>> prepending, I would have said that. The example that I listed was
>> setting up a router, advertising the ASNs listed and the random IP
>> ranges gleaned from IANA.  Sorry if I confused you.
>
> The point I believe John is trying to make is that *ASNs are not  
> announced*. There are no advertisements that say "this is how to get  
> to ASN X". BGP updates specifically announce network layer  
> reachability.
>
> This is an important point in this discussion. There are a lot of  
> comments being made that are just simply wrong and causing confusion  
> because of slips in terminology regarding the path attribute.

Thanks Kris - exactly what I was getting to.

>
>
> Kris
>
>
>> -----Original Message-----
>> From: John Payne [mailto:john at sackheads.org]
>> Sent: Wednesday, January 14, 2009 3:57 PM
>> To: Michienne Dixon
>> Cc: NANOG list
>> Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
>>
>>
>> On Jan 14, 2009, at 10:50 AM, Michienne Dixon wrote:
>>
>>>
>>> Interesting - So as a cyber criminal - I could setup a router, start
>>> announcing AS 16733, 18872, and maybe 6966 for good measure and  
>>> their
>>> routers would ignore my announcements and IP ranges that I siphoned
>>> from searching IANA?  Hm...  Would that also prevent them from
>>> accessing my rogue network from their network?
>>
>>
>> What do you mean "announcing AS 16733..." ?
>>
>> Putting 16733 in an AS PATH is not announcing it.
>>
>>>
>>>
>>>
>>>
>>> -
>>> Michienne Dixon
>>> Network Administrator
>>> liNKCity
>>> 312 Armour Rd.
>>> North Kansas City, MO  64116
>>> www.linkcity.org
>>> (816) 412-7990
>>>
>>> -----Original Message-----
>>> From: Simon Lockhart [mailto:simon at slimey.org]
>>> Sent: Wednesday, January 14, 2009 2:07 AM
>>> To: Hank Nussbacher
>>> Cc: NANOG list
>>> Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
>>>
>>> On Wed Jan 14, 2009 at 09:59:14AM +0200, Hank Nussbacher wrote:
>>>> What if, by doing some research experiment, the researcher  
>>>> discovers
>>>> some unknown and latent bug in IOS or JunOS that causes much of the
>>>> Internet to go belly up?  1 in a billion chance, but nonetheless, a
>>>> headsup would have been in order.
>>>
>>> Say we had a customer who connected to us over BGP, and they used  
>>> some
>>
>>> new experimental BGP daemon. Their announcement was "odd" in some  
>>> way,
>>
>>> but appeared clean to us (a Cisco house). Once their announcement  
>>> hit
>>> the a Foundry router, it tickled a bug which caused the router to
>>> propogate the announcement, but also start to blackhole traffic. Oh
>>> dear, large chunks of the Internet have just gone belly up.
>>>
>>> Should we have given a heads up to the Internet at large that we  
>>> were
>>> turning up this customer?
>>>
>>> Simon
>>> (Yes, I'm in the minority that thinks that Randy hasn't done  
>>> anything
>>> bad)
>>> --
>>>
>>> Simon Lockhart | * Sun Server Colocation * ADSL * Domain  
>>> Registration
>>> *
>>> Director    |    * Domain & Web Hosting * Internet Consultancy *
>>> Bogons Ltd   | * http://www.bogons.net/  *  Email:  
>>> info at bogons.net  *
>>>
>>>
>>
>>
>
>





More information about the NANOG mailing list