Low-numbered ASes being hijacked? [Re: BGP Update Report]
Scott Weeks
surfer at mauigateway.com
Sun Nov 30 22:19:06 UTC 2014
> ----- Original Message -----
>>> Do these people never check what exactly they end up originating
>>> outbound due to a config change, if that's really the case?
>>
>> Of course not because their neighbors are allowing it to
>> pass; so as with all hijacks, deaggregation, and other
>> unfiltered noise, the only care is traffic going in and
>> out. QA (let alone automated sanity checks) are alien
>> concepts to many, and "well it works" is the answer from
>> some when contacted.
>
> That's sort of the BGP equivalent to BCP38 filtering, isn't it?
--- jason at rice.edu wrote:
From: Jason Bothe <jason at rice.edu>
I’m not new here but the thread caught my eye, as I am one of
the lower ASs being mentioned. I guess there isn’t really
anything one can do to prevent these things other than listening
to route servers, etc. I guess it’s all on what the upstream
decides to allow-in and re-advertise.
----------------------------------------------------------------
First, obviously, set BGP filters to allow only what you expect
to send upstream.
Then, look at what your routers are advertising to your upstreams
using 'sho bgp advertised routes' type commands to make sure it's
exactly what you're expecting to send.
Last, look on route servers at various places around the internet
to make sure everything is advertised to expectations . You can
find a lot here: http://www.traceroute.org/#Route%20Servers
Also, of course, all of this can be done on a regular basis using
programs instead of being done manually.
scott
More information about the NANOG
mailing list