someone is using my AS number
Job Snijders
job at instituut.net
Thu Jun 13 14:06:14 UTC 2019
Hi Joe,
On Thu, Jun 13, 2019 at 9:59 Joe Abley <jabley at hopcount.ca> wrote:
> Hey Joe,
>
> On 12 Jun 2019, at 12:37, Joe Provo <nanog-post at rsuc.gweep.net> wrote:
>
> > On Wed, Jun 12, 2019 at 04:10:00PM +0000, David Guo via NANOG wrote:
> >> Send abuse complaint to the upstreams
> >
> > ...and then name & shame publicly. AS-path forgery "for TE" was
> > never a good idea. Sharing the affected prefix[es]/path[s] would
> > be good.
>
> I realise lots of people dislike AS_PATH stuffing with other peoples' AS
> numbers and treat it as a form of hijacking.
>
> However, there's an argument that AS_PATH is really just a loop-avoidance
> mechanism, not some kind of AS-granular traceroute for prefix propagation.
> In that sense, stuffing 9327 into a prefix as a mechanism to stop that
> prefix being accepted by AS 9327 seems almost reasonable. (I assume this is
> the kind of TE you are talking about.)
>
> What is the principal harm of doing this? Honest question. I'm not
> advocating for anything, just curious.
Excellent question.
1/ We can’t really expect on the loop detection to work that way at the
“jacked” side. So if this is innocent traffic engineering, it is unreliable
at best.
2/ Attribution. The moment you stuff AS 2914 anywhere in the path, we may
get blamed for anything that happens through the IP addresses for that
route. In a way the ASNs in the AS_PATH attribute an an
inter-organizational escalation flowchart.
Kind regards,
Job
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190613/be260061/attachment.html>
More information about the NANOG
mailing list