AS3356 Announcing 2000::/12

Matthew Petach mpetach at netflight.com
Sat Dec 10 00:24:06 UTC 2022


On Thu, Dec 8, 2022 at 9:35 AM Randy Bush <randy at psg.com> wrote:

> while i think the announcement is, shall we say, embarrassing, i do not
> see how it would be damaging.  real/correct announcements would be for
> longer prefixes, yes?
>
> randy
>


 Putting on a probably-overly-paranoid hat for a moment...

If I announce 2000::/12, seemingly as an innocent error,
it won't break most people's routing, and is likely to be simply
chalked up as a copy-paste error, or other human "oops".

But if I happen to be running a promiscuous packet capture
on a box that the "erroneous" routing table entry ultimately
resolves to, I warrant there's a certain amount of legitimate
packet streams I could collect here and there, any time a
router processes a WITHDRAW update message for a more
specific prefix within the range, before a new ANNOUNCE
update message is processed.

I'm not going to get a great deal of information, as most
simple prefix updates happen within the same update
message; but during periods of higher internal churn in a
network, you may have brief periods during which the more
specific route is withdrawn before being re-announced, during
which I'd be able to harvest packets destined for other networks.

As I said--I'm probably being overly paranoid, but I can't help but
wonder what packets such a collector might see, if left to run for a
week or two... ^_^;

Thanks!

Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20221209/c42b7ac5/attachment.html>


More information about the NANOG mailing list