someone is using my AS number

Joe Provo nanog-post at rsuc.gweep.net
Fri Jun 14 00:17:43 UTC 2019


On Thu, Jun 13, 2019 at 09:58:20AM -0400, Joe Abley wrote:
> Hey Joe,
> 
> On 12 Jun 2019, at 12:37, Joe Provo <nanog-post at rsuc.gweep.net> wrote:
> 
> > On Wed, Jun 12, 2019 at 04:10:00PM +0000, David Guo via NANOG wrote:
> >> Send abuse complaint to the upstreams
> > 
> > ...and then name & shame publicly. AS-path forgery "for TE" was
> > never a good idea. Sharing the affected prefix[es]/path[s] would
> > be good.
> 
> I realise lots of people dislike AS_PATH stuffing with other peoples' AS numbers and treat it as a form of hijacking.
> 
> However, there's an argument that AS_PATH is really just a
> loop-avoidance mechanism, not some kind of AS-granular traceroute
> for prefix propagation. In that sense, stuffing 9327 into a prefix
> as a mechanism to stop that prefix being accepted by AS 9327 seems
> almost reasonable. (I assume this is the kind of TE you are talking
> about.)
> 
> What is the principal harm of doing this? Honest question. I'm
> not advocating for anything, just curious.

There is no way at a distance to tell the difference between:
- legitimate AS forwarding
- ham-fistedly attempting "innocent" TE away from the forged AS
- maliciously hiding traffic from the forged AS
- an error with the forged AS

IME, when you can NOT look like an error or an attack, that's a 
Good Thing.

The last "major" provider who failed to provide BGP community-based
TE was 3549, and with their absorbtion into 3356 no one should have
any tolerance for this garbage, IMNSHO.

Cheers,

joe


-- 
Posted from my personal account - see X-Disclaimer header.
Joe Provo / Gweep / Earthling 



More information about the NANOG mailing list