Indonesian ISP Moratel announces Google's prefixes

Wed Nov 7 05:33:22 UTC 2012

At 21:21 06/11/2012 -0800, Jian Gu wrote:

If Google announces 8.8.8.0/24 to you and you in turn start announcing to 
the Internet 8.8.8.0/24 as originating from you, then a certain section of 
the Internet will believe your announcement over Google's.    This has 
happened many times before due to improper filters, but this is the first 
time I have seen the victim being blamed.  Interesting concept.

-Hank

>I don't know what Google and Moratel's peering agreement, but "leak"?
>educate me, Google is announcing /24 for all of their 4 NS prefix and
>8.8.8.0/24 for their public DNS server, how did Moratel leak those routes
>to Internet?
>
>On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore <patrick at ianai.net>wrote:
>
> > On Nov 07, 2012, at 00:07 , Jian Gu <guxiaojian at gmail.com> wrote:
> >
> > > Where did you get the idea that a Moratel customer announced a
> > google-owned
> > > prefix to Moratel and Moratel did not have the proper filters in place?
> > > according to the blog, all google's 4 authoritative DNS server networks
> > and
> > > 8.8.8.0/24 were wrongly routed to Moratel, what's the possiblity for a
> > > Moratel customers announce all those prefixes?
> >
> > Ah, right, they just leaked Google's prefix.  I thought a customer
> > originated the prefix.
> >
> > Original question still stands.  Which attribute do you expect Google to
> > set to stop this?
> >
> > Hint: Don't say No-Advertise, unless you want peers to only talk to the
> > adjacent AS, not their customers or their customers' customers, etc.
> >
> > Looking forward to your answer.
> >
> > --
> > TTFN,
> > patrick
> >
> >
> > > On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore <patrick at ianai.net
> > >wrote:
> > >
> > >> On Nov 06, 2012, at 23:48 , Jian Gu <guxiaojian at gmail.com> wrote:
> > >>
> > >>> What do you mean hijack? Google is peering with Moratel, if Google does
> > >> not
> > >>> want Moratel to advertise its routes to Moratel's peers/upstreams, then
> > >>> Google should've set the correct BGP attributes in the first place.
> > >>
> > >> That doesn't make the slightest bit of sense.
> > >>
> > >> If a Moratel customer announced a Google-owned prefix to Moratel, and
> > >> Moratel did not have the proper filters in place, there is nothing
> > Google
> > >> could do to stop the hijack from happening.
> > >>
> > >> Exactly what attribute do you think would stop this?
> > >>
> > >> --
> > >> TTFN,
> > >> patrick
> > >>
> > >>
> > >>> On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia <me at anuragbhatia.com>
> > >> wrote:
> > >>>
> > >>>> Another case of route hijack -
> > >>>>
> > >>
> > http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about
> > >>>>
> > >>>>
> > >>>>
> > >>>> I am curious if big networks have any pre-defined filters for big
> > >> content
> > >>>> providers like Google to avoid these? I am sure internet community
> > >> would be
> > >>>> working in direction to somehow prevent these issues. Curious to know
> > >>>> developments so far.
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>> Thanks.
> > >>>>
> > >>>>
> > >>>> --
> > >>>>
> > >>>> Anurag Bhatia
> > >>>> anuragbhatia.com
> > >>>>
> > >>>> Linkedin <http://in.linkedin.com/in/anuragbhatia21> |
> > >>>> Twitter<https://twitter.com/anurag_bhatia>|
> > >>>> Google+ <https://plus.google.com/118280168625121532854>
> > >>>>
> > >>>
> > >>
> > >>
> > >>
> >
> >
> >