North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Deaggregating for emergency purposes
Based on my experience with the BGP misconfiguration study http://www.cs.washington.edu/homes/ratul/bgp/index.html I can say that this is not an idle worry. We saw about 15 hijack incidents (mostly of more-specifics, but full prefixes too) per day. We used route-views data, so even if hijacks come from middle of asia (some did, not all), they did make it to the tables of some major providers. On Tue, 6 Aug 2002, Omachonu Ogali wrote: > If all else fails, break out Outlook and your favorite translator, > because last time I checked, speaking English was not a requirement > to run a network. Even if most of you do, this is not a "Majority > Rules" situation. This too is a concern when depending on foreign nocs to take action. I ran into many non-english speaking nocs; mainly in south america. -- Ratul On Tue, 6 Aug 2002, Omachonu Ogali wrote: > > What about announcing and registering with your IRR, more-specific > routes for the period that the problem ONLY exists, instead of being > lazy? > > If all else fails, break out Outlook and your favorite translator, > because last time I checked, speaking English was not a requirement > to run a network. Even if most of you do, this is not a "Majority > Rules" situation. > > On Mon, Aug 05, 2002 at 10:47:33PM -0700, [email protected] wrote: > > > > get on the bandwaggon that filtering is a good thing ?? :) > > > > at some point some transit is going to listen and drop the announcement. > > > > Lets take an example. Deep Dark middle of asia, someone starts announcing > > a /24 of yours. Their upstream takes the packet, and so forth. At some point > > they will touch a NSP or ISP (international service provider) and you can get > > things dropped their. > > Yes. End of story. Go directly to the finish diamond at the end of > your flowchart. If the next step in your flowchart is "pollute IRRs > with 3592375238957235893275839572 /32s", please return your maintainer > object. > > > Your pushing out a /24 will help slurp some of the traffic towards you, > > but not all. > > > > Personally I have deagged some prefixes to cause a DOS/DDOS towards a > > particular address to route down a slow connection I had. Sacrifice > > one link, to keep customers running on the others. But thats different. > > Yes, but you removed it later on, correct? > > > Its about networking, the people kind, at this point. > > > > cheers > > > > john brown > > chagres technologies, inc > > > > On Mon, Aug 05, 2002 at 09:00:55PM -0400, Phil Rosenthal wrote: > > > > > > But the question is, what do you do if it's coming from somewhere with a > > > difficult to contact NOC, and their upstream is difficult to contact as > > > well? > > > > > > --Phil > > > > > > -----Original Message----- > > > From: John M. Brown [mailto:[email protected]] > > > Sent: Monday, August 05, 2002 8:12 PM > > > To: Phil Rosenthal > > > Cc: [email protected] > > > Subject: Re: Deaggregating for emergency purposes > > > > > > > > > Hmm, this would be a "Bad Idea" (TM) (C) 2002, DMCA Protected > > > > > > Having had this happen to me several different times, I'd have to > > > recommend, calling the NOC of the advertising party. as the pref'd way > > > of handling it. > > > > > > On Mon, Aug 05, 2002 at 06:41:22PM -0400, Phil Rosenthal wrote: > > > > > > > > I am currently announcing only my aggregate routes, but I have lately > > > > thought about the possibility of someone mistakenly, or maliciously, > > > > announcing more specifics from my space. The best solution for an > > > > emergency response to that (that I can think of), is registering all > > > > of the /24's that make up my network, so if someone should announce a > > > > more-specific, I can always announce the most specific that would be > > > > accepted (assuming they don't announce the /24's too, it should be a > > > > problem avoided) > > > > > > > > Does anyone else have any other ideas on ways to quickly deal with > > > > someone else announcing your more specifics, since contacting their > > > > NOC is likely going to take a long time... > > > > > > > > --Phil > > > > > > > > > -- > Omachonu Ogali > [email protected] > http://www.informationwave.net >
|