Anyone notice strange announcements for 174.128.31.0/24
John Payne
john at sackheads.org
Thu Jan 15 12:45:26 UTC 2009
On Jan 14, 2009, at 6:22 PM, kris foster wrote:
>
> On Jan 14, 2009, at 2:52 PM, Michienne Dixon wrote:
>
>> Well, if you really want to pick knits you are welcome to. If I
>> meant
>> prepending, I would have said that. The example that I listed was
>> setting up a router, advertising the ASNs listed and the random IP
>> ranges gleaned from IANA. Sorry if I confused you.
>
> The point I believe John is trying to make is that *ASNs are not
> announced*. There are no advertisements that say "this is how to get
> to ASN X". BGP updates specifically announce network layer
> reachability.
>
> This is an important point in this discussion. There are a lot of
> comments being made that are just simply wrong and causing confusion
> because of slips in terminology regarding the path attribute.
Thanks Kris - exactly what I was getting to.
>
>
> Kris
>
>
>> -----Original Message-----
>> From: John Payne [mailto:john at sackheads.org]
>> Sent: Wednesday, January 14, 2009 3:57 PM
>> To: Michienne Dixon
>> Cc: NANOG list
>> Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
>>
>>
>> On Jan 14, 2009, at 10:50 AM, Michienne Dixon wrote:
>>
>>>
>>> Interesting - So as a cyber criminal - I could setup a router, start
>>> announcing AS 16733, 18872, and maybe 6966 for good measure and
>>> their
>>> routers would ignore my announcements and IP ranges that I siphoned
>>> from searching IANA? Hm... Would that also prevent them from
>>> accessing my rogue network from their network?
>>
>>
>> What do you mean "announcing AS 16733..." ?
>>
>> Putting 16733 in an AS PATH is not announcing it.
>>
>>>
>>>
>>>
>>>
>>> -
>>> Michienne Dixon
>>> Network Administrator
>>> liNKCity
>>> 312 Armour Rd.
>>> North Kansas City, MO 64116
>>> www.linkcity.org
>>> (816) 412-7990
>>>
>>> -----Original Message-----
>>> From: Simon Lockhart [mailto:simon at slimey.org]
>>> Sent: Wednesday, January 14, 2009 2:07 AM
>>> To: Hank Nussbacher
>>> Cc: NANOG list
>>> Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
>>>
>>> On Wed Jan 14, 2009 at 09:59:14AM +0200, Hank Nussbacher wrote:
>>>> What if, by doing some research experiment, the researcher
>>>> discovers
>>>> some unknown and latent bug in IOS or JunOS that causes much of the
>>>> Internet to go belly up? 1 in a billion chance, but nonetheless, a
>>>> headsup would have been in order.
>>>
>>> Say we had a customer who connected to us over BGP, and they used
>>> some
>>
>>> new experimental BGP daemon. Their announcement was "odd" in some
>>> way,
>>
>>> but appeared clean to us (a Cisco house). Once their announcement
>>> hit
>>> the a Foundry router, it tickled a bug which caused the router to
>>> propogate the announcement, but also start to blackhole traffic. Oh
>>> dear, large chunks of the Internet have just gone belly up.
>>>
>>> Should we have given a heads up to the Internet at large that we
>>> were
>>> turning up this customer?
>>>
>>> Simon
>>> (Yes, I'm in the minority that thinks that Randy hasn't done
>>> anything
>>> bad)
>>> --
>>>
>>> Simon Lockhart | * Sun Server Colocation * ADSL * Domain
>>> Registration
>>> *
>>> Director | * Domain & Web Hosting * Internet Consultancy *
>>> Bogons Ltd | * http://www.bogons.net/ * Email:
>>> info at bogons.net *
>>>
>>>
>>
>>
>
>
More information about the NANOG
mailing list