North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Kenyan Route Hijack

  • From: Glen Kent
  • Date: Sun Mar 16 02:14:35 2008
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=LR6el5v9FvROeuGvlc3FMjwsM3Z2SVxL1nYzhWy//tQ=; b=V7jHlFnA2QD+7ThB8aztIPdjwKnxLfVN5uTgpxf5c9hgPUYB8mVNBPwC1a/uyTl/IJsUDFX0WRjb1XGBOSA0u2fhFYchB27R3wy6YdAwp4aHOqJNRW0itLJYmxzwQvUs0rbjZ8a8WnMxVvX8sYVo8oV6YYVtQ4s58VpcCzTZ07o=
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=xeVZKFUHBcvzP+e/cxVqUa6wNdmkhOqDrz9oHatGcch9n+uSklNJfSmUv6t6OLnOKjMdulveBlrSiPN44dvWvDnF7THvxR4O59xxOVn2c7A0o5LCZmHKpgS3o+0lmmRAxE1sYmhUrmgdL/YGxyUkJ1GSH8UcGR9u1qsdEPEELsw=


>  Also: I have seen instances where a static route points to a next
>  hop that (inadvertently) may be "redistribute-static" injected into
>  BGP. This happens occasionally due to ad hoc configurations, back-
>  hole null routing, etc.

And why would an ISP locally try to blackhole traffic bound to some
other legitimate address space? Wouldnt this result in this service
provider's customers to lose connectivity to whatever websites fall
behind the IP address block in question? Or is that the intention?

If its done intentionally then it would only make sense if theres a
DOS attack coming from that address block, or if theres something
"blasphemous" put up there. If none of these, then why locally
blackhole traffic?