North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [admin] [summary] RE: YouTube IP Hijacking

  • From: Christopher Morrow
  • Date: Tue Feb 26 12:04:48 2008
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=18CgaaRewrzWQo2NmltAD6/PimdZsJ94VXTj+FjwisQ=; b=g4pcKYN7u0wbJHA8rbXCm0PIXZaRMvCfsyaBlThhJ201ysocn+P/TXPFOKTAnBWR027tQDZpGiv8eVkRajM8JQmgYmnzr86Zfo5AUIqhiSurBUoQxStAAtoXXJ5GHQlup7Re84CPaGgAtuZrRWC/viz4qVAfOXSnYiUcSfwBn5k=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=ZXJa4EDAY4WEOjAW2jj/hM2Vpp7Lzw45Df2F2VVeEiFwcQjGPhjubOYIYw0EXOl5UgYSiGeo1+81vOBiyKudaxAgG0vN8n5+TEvLRI6GmSWxa3OEqdJ68GAhL0KFyy81T64h8q8qAFwgaJRmOtU19zZCzfIjZtIGRgngcLLtfiE=
On Tue, Feb 26, 2008 at 10:40 AM, hjan <[email protected]> wrote:

>  I think that they should use remote triggered blackhole filtering with
>  no-export community.
>  In this way they do the job with no impact on the rest of internet.

so, certainly this isn't a bad idea, but given as an example:

<http://www.secsup.org/CustomerBlackHole/>
(Sorry not a perfect example, but illustrates my point)

instead of:
ip route my.offensive.material.0 255.255.255.0 Null0 tag 12345

the operator in question (person not place) types:
ip route my.offensive.material.0 255.255.255.0 Null0 tag 1234

oops, a simple cut/paste mistake means that a route didn't get tagged
properly, didn't get community tagged properly, didn't get set
no-export and didn't get kept internally :(

There is no SINGLE fix for this, there is a belt+suspenders approach:

1) Know what you are advertising (customer side of the puzzle)
2) Know what you are expecting to recieve (provider side of the puzzle)
3) plan for failures in both parts of this puzzle.

-Chris