Heads-Up: GoDaddy Broke the Interwebs...

Kyle Creyts kyle.creyts at gmail.com
Wed Sep 12 04:19:32 UTC 2012


(Arrive at the intended destination, that is)

On Tue, Sep 11, 2012 at 9:18 PM, Kyle Creyts <kyle.creyts at gmail.com> wrote:
> +1
>
> Announcing a prefix doesn't mean that the traffic to those IPs found
> within shall ever arrive.
>
> On Tue, Sep 11, 2012 at 8:43 PM, Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
>> On Tue, Sep 11, 2012 at 11:16 PM, Naveen Nathan <naveen at lastninja.net> wrote:
>>>> Well, mostly I'm taking GoDaddy at their word that this was not a DoS attack.
>>>>
>>>> I also believe it was related to BGP, and am happy to get more info.  But we are discussing Anonymous vs. Self-inflicted wound here.
>>>
>>> I'm skeptical, BGPlay (http://bgplay.routeviews.org/) doesn't show any withdrawn routes for any of their prefixes over Sep 9-11. Infact, their BGP operation looks fairly operational during the time from what I can gather.
>>
>> a bgp error doesn't HAVE to mean that they withdrew (or even
>> re-announced!) anything to the outside world, does it?
>>
>> for instance:
>>   border-router -> internet
>>    redistribute your aggregate networks from statics to Null0 on the
>> border-router
>>    accept full routes so you can send them to the other borders and
>> make good decisions at the external edge
>>
>>   border-router -> internal
>>     send default or some version of default via a fitler to internal
>> datacenter routers/aggregation/distribution devices.
>>     accept from them (maybe) local subnets that are part of your aggregates
>>
>> now, accidently remove the filter content for the sessions between the
>> border and internal ... oops, your internal devices bounce with
>> 'corrupted tables' (blown tables)... you still send your aggs steadily
>> to the interwebs, wee!
>>
>> -chris
>>
>
>
>
> --
> Kyle Creyts
>
> Information Assurance Professional
> BSidesDetroit Organizer



-- 
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer



More information about the NANOG mailing list