North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Best way to deal with bad advertisements?

  • From: Curtis Villamizar
  • Date: Mon Sep 30 15:26:02 1996

In message <[email protected]>, Matthew Petach writes:
> 
> Hi!
> 
> I'm going to ask the rest of the NANOG community 
> for their thoughts/opinions on a problem that's
> been plaguing us periodically that we haven't
> been able to find a satisfactory solution for
> yet.
> 
> There's an ISP back on the East Coast that has
> been periodically advertising more specific
> routes for /24's out of our CIDR blocks and
> black-holing the traffic within their network.
> 
> We've called all the listed numbers for their
> technical, admin, billing, and any other contacts
> we can find, and haven't been able to reach a 
> human; we've left messages of various levels of
> nastyness, from very sugary on up to vaguely
> threatening.  In every case, including the
> current one, it's been more than 24 hours,
> and they still haven't made any response to
> the problem; in fact, I just got paged by our
> NOC early this morning informing me they've
> stolen another one of our /24's.
> 
> As you can well imagine, all the customers on
> those blocks are _very_ unhappy.  Each time this
> happens, we end up with dissatisfied customers,
> many of whom leave, deciding that we're too
> unstable, and can't provide quality network
> connectivity, even though to the best of my
> knowledge, there's nothing we can do to prevent
> these people from stealing our blocks.
> 
> My question to the NANOG community is twofold and
> simple:  Am I overlooking some solution that would
> allow us to 'negate' their advertisement of our
> blocks (205.159.193.0/24 and 207.88.102.0/24 in
> this case) and secondly, is there a formal process
> within the community to seek recompense, or formal
> action against a clueless and net-unfriendly ISP,
> perhaps one as simple as the net equivalent of 
> Mennonite 'shunning'?
> 
> Or are we simply out of luck, and have to simply
> tell our customers "Sorry, everyone is at the
> mercy of the morons who can steal IP blocks
> simply by advertising more specific routes
> with higher weights?"
> 
> It's getting really tempting to advertise the
> networks they have their nameservers on from
> *our* network with a weight of 65535, just to
> get them to call us back.  :-(  :-(
> 
> Anyhow, enough frustrated venting, I *am* very
> interested in what the community feels is the 
> best policy to follow in situations like this.
> 
> Thanks again!
> 
> Matt Petach
> Network Engineer
> (writing from home)


A good solution would be for providers to only accept routes
registered in a routing database (the IRR) from those authorized to
send them with hierarchical authorization within the database (as
implemented by RIPE) and strong authentication (PGP as implemented by
the RA) and top level authorization based on IANA or delegated address
registry assignments.

But you've heard this before.  The best any one provider can do is to
accurately populate the IRR and if possible (based on the limitations
of their routers) put the IRR data into use in defining filters.

Curtis
- - - - - - - - - - - - - - - - -