North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: More on black-holed reserved/8 block.
It showed up in a UDP probe on an Aussie connection, so I tracerouted it for the my associate, now I have a better understanding as to what is going on. [email protected] wrote: > As one person explained to me, often miscreants broadcast a bogus route > so they can launch an attack from a 'reserved' space. > > What I was probably not clear enough in my original question was why the > person at bungi.com was even TRYING to traceroute to a 98/ address. Was > it something that showed up in a access log as an failed attempt, or? > > Is it the case that above.net is black-holing packets with a *destination* > in the RBL, but *not* filtering packets with a *source* address from > the RBL? If so, this would still allow RPC-based attacks (and TCP as well, > if the victim's box had bad sequence number prediction). > > What are other sites that use the RBL BGP feed doing in this case? > > (And yes, I understand that many routers can route to a blackhole destination > a lot faster than they can apply an ACL on the source). > > -- > Valdis Kletnieks > Operating Systems Analyst > Virginia Tech > > traceroute to 98.100.32.32 (98.100.32.32): 1-30 hops, 38 byte packets > 1 main.bungi.com (207.126.97.9) 2.15 ms 1.73 ms 1.86 ms > 2 above-gw2.above.net (207.126.96.217) 4.41 ms 4.88 ms 3.67 ms > 3 core5-main2-oc3.sjc.above.net (216.200.0.205) 3.62 ms 4.56 ms > 7.53 ms > 4 core3-core5-oc48.sjc2.above.net (208.184.102.206) 6.34 ms 5.7 ms > 5.3 ms > 5 iad-sjc2-oc48.iad.above.net (216.200.127.25) 73.0 ms 79.7 ms 72.6 > ms > 6 > hat.address.is.on.the.rbl.see.www.mail-abuse.org.for.more.information.above.net > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature -- Thank you; |--------------------------------| | Thinking is a learned process. | | ICANN member @large | | Gigabit over IP, ieee 802.17 | |--------------------------------| Henry R. Linneweh
|