Indonesian ISP Moratel announces Google's prefixes

Jian Gu guxiaojian at gmail.com
Wed Nov 7 05:35:26 UTC 2012


Hmm, look at this screen shot from the blog, 8.8.8.0/24 was orignated from
Google.

tom at edge01.sfo01> show route 8.8.8.8

inet.0: 422196 destinations, 422196 routes (422182 active, 0 holddown,
14 hidden)
+ = Active Route, - = Last Active, * = Both
8.8.8.0/24         *[BGP/170] 00:27:02, MED 18, localpref 100
                      AS path: 4436 3491 23947 15169 I
                    > to 69.22.153.1 via ge-1/0/9.0



On Tue, Nov 6, 2012 at 9:33 PM, Hank Nussbacher <hank at efes.iucc.ac.il>wrote:

> At 21:21 06/11/2012 -0800, Jian Gu wrote:
>
> If Google announces 8.8.8.0/24 to you and you in turn start announcing to
> the Internet 8.8.8.0/24 as originating from you, then a certain section
> of the Internet will believe your announcement over Google's.    This has
> happened many times before due to improper filters, but this is the first
> time I have seen the victim being blamed.  Interesting concept.
>
> -Hank
>
>  I don't know what Google and Moratel's peering agreement, but "leak"?
>> educate me, Google is announcing /24 for all of their 4 NS prefix and
>> 8.8.8.0/24 for their public DNS server, how did Moratel leak those routes
>> to Internet?
>>
>> On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore <patrick at ianai.net
>> >wrote:
>>
>>
>> > On Nov 07, 2012, at 00:07 , Jian Gu <guxiaojian at gmail.com> wrote:
>> >
>> > > Where did you get the idea that a Moratel customer announced a
>> > google-owned
>> > > prefix to Moratel and Moratel did not have the proper filters in
>> place?
>> > > according to the blog, all google's 4 authoritative DNS server
>> networks
>> > and
>> > > 8.8.8.0/24 were wrongly routed to Moratel, what's the possiblity for
>> a
>> > > Moratel customers announce all those prefixes?
>> >
>> > Ah, right, they just leaked Google's prefix.  I thought a customer
>> > originated the prefix.
>> >
>> > Original question still stands.  Which attribute do you expect Google to
>> > set to stop this?
>> >
>> > Hint: Don't say No-Advertise, unless you want peers to only talk to the
>> > adjacent AS, not their customers or their customers' customers, etc.
>> >
>> > Looking forward to your answer.
>> >
>> > --
>> > TTFN,
>> > patrick
>> >
>> >
>> > > On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore <patrick at ianai.net
>> > >wrote:
>> > >
>> > >> On Nov 06, 2012, at 23:48 , Jian Gu <guxiaojian at gmail.com> wrote:
>> > >>
>> > >>> What do you mean hijack? Google is peering with Moratel, if Google
>> does
>> > >> not
>> > >>> want Moratel to advertise its routes to Moratel's peers/upstreams,
>> then
>> > >>> Google should've set the correct BGP attributes in the first place.
>> > >>
>> > >> That doesn't make the slightest bit of sense.
>> > >>
>> > >> If a Moratel customer announced a Google-owned prefix to Moratel, and
>> > >> Moratel did not have the proper filters in place, there is nothing
>> > Google
>> > >> could do to stop the hijack from happening.
>> > >>
>> > >> Exactly what attribute do you think would stop this?
>> > >>
>> > >> --
>> > >> TTFN,
>> > >> patrick
>> > >>
>> > >>
>> > >>> On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia <me at anuragbhatia.com>
>> > >> wrote:
>> > >>>
>> > >>>> Another case of route hijack -
>> > >>>>
>> > >>
>> > http://blog.cloudflare.com/**why-google-went-offline-today-**
>> and-a-bit-about<http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about>
>> > >>>>
>> > >>>>
>> > >>>>
>> > >>>> I am curious if big networks have any pre-defined filters for big
>> > >> content
>> > >>>> providers like Google to avoid these? I am sure internet community
>> > >> would be
>> > >>>> working in direction to somehow prevent these issues. Curious to
>> know
>> > >>>> developments so far.
>> > >>>>
>> > >>>>
>> > >>>>
>> > >>>>
>> > >>>> Thanks.
>> > >>>>
>> > >>>>
>> > >>>> --
>> > >>>>
>> > >>>> Anurag Bhatia
>> > >>>> anuragbhatia.com
>> > >>>>
>> > >>>> Linkedin <http://in.linkedin.com/in/**anuragbhatia21<http://in.linkedin.com/in/anuragbhatia21>>
>> |
>> > >>>> Twitter<https://twitter.com/**anurag_bhatia<https://twitter.com/anurag_bhatia>
>> >|
>> > >>>> Google+ <https://plus.google.com/**118280168625121532854<https://plus.google.com/118280168625121532854>
>> >
>> > >>>>
>> > >>>
>> > >>
>> > >>
>> > >>
>> >
>> >
>> >
>>
>
>



More information about the NANOG mailing list