North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Packet Kiddies Invade NANOG

  • From: Alexei Roudnev
  • Date: Tue Mar 16 11:58:50 2004

Hmm, if someone (except masochists and security vendiors)  still hosts
efnet... I can only send them my condoleences.

I saw sthe same dialogs 6 years ago. Nothing changes.

----- Original Message ----- 
From: "Stephen J. Wilcox" <[email protected]>
To: <[email protected]>
Cc: <[email protected]>
Sent: Tuesday, March 16, 2004 3:54 AM
Subject: Re: Packet Kiddies Invade NANOG


>
> On Tue, 16 Mar 2004, [email protected] wrote:
>
> > People should be worried about stuff like this.  Banetele is a
> > facilities-based network operator in Norway and these guys are directly
> > attacking their BGP sessions to put them off the air.
>
> Can anyone from Banetele/who knows Banetele confirm this attack took
place?
>
> Steve
>
> > Assuming that they are not sourcing the attacks
> > in Banetele's AS, then you, the peer of Banetele
> > are delivering the packet stream that kills the
> > BGP session. How long before peering agreements
> > require ACLs in border routers so that only BGP
> > peering routers can source traffic destined to
> > your BGP speaking routers?
> >
> > (08:48:02) <#sigdie!OseK_> i just collapsed banetele's BGP announcement
> > (08:48:43) <#sigdie!p> i dunno banetele looks dead
> > (08:48:48) <#sigdie!p> or maybe im just lagging
> > (08:49:00) <#sigdie!OseK_> ... BitchX: Sent server ping to
> > [irc.banetele.no]
> > (08:49:00) <#sigdie!OseK_> ... Server pong from irc.banetele.no 0.8224
> > seconds
> > (08:49:12) <#sigdie!p> bash-2.05a$ telnetirc.banetele.no 6667
> > (08:49:13) <#sigdie!p> Trying 213.239.111.2...
> > (08:49:16) <#sigdie!OseK_> thats cuz I collapsed their BGP announcement
by
> >
> > nailing their router head on(08:49:26) <#sigdie!OseK_> but they have a
> > secondary route to efnet
> > (08:49:30) <#sigdie!_mre|42o> BGP announcement?
> > (08:49:31) <#sigdie!OseK_> thru their multihomed connection
> > (08:49:32) <#sigdie!OseK_> yeah
> > (08:49:37) <#sigdie!OseK_> they have a collapsable route
> > (08:49:44) <#sigdie!OseK_> using the border gateway protocl
> > (08:49:54) <#sigdie!OseK_> hey have to announce to a pool
> > (08:49:58) <#sigdie!OseK_> in order to establish their route
> > (08:50:07) <#sigdie!OseK_> but if thye get hit enough their router drops
> > the
> > announcements
> > (08:50:10) <#sigdie!OseK_> and they lose their routes
> > (08:50:14) <#sigdie!OseK_> its wierd
> > (08:50:21) <#sigdie!OseK_> i dont quite understand how it works myself
> >
> >
> >
> >
> >
> >
>