|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Kenyan Route Hijack
On Sun, Mar 16, 2008 at 2:07 AM, Glen Kent <[email protected]> wrote: > > Paul, > > > > Also: I have seen instances where a static route points to a next > > hop that (inadvertently) may be "redistribute-static" injected into > > BGP. This happens occasionally due to ad hoc configurations, back- > > hole null routing, etc. > > And why would an ISP locally try to blackhole traffic bound to some > other legitimate address space? Wouldnt this result in this service I think it was Abovenet that blackholed a /24 of (I want to say MAPS, but that's not right) an anti-spam-RBL sometime pre-1999? > provider's customers to lose connectivity to whatever websites fall > behind the IP address block in question? Or is that the intention? > perhaps they had a significant number of complaints about the address block and no reaction from the owner(s)? or the address block (or hosts in it) were scanning their infrastucture, or dos'ing it or??? There are a whole host of reasons one might conjecture. In ALL cases you'd never put in a /24 but a pair of /25 so that you didn't become the best path for the rest of the internets... > If its done intentionally then it would only make sense if theres a > DOS attack coming from that address block, or if theres something dos attack mitigation works best on destinations, not sources... urpf-loose aside a filter would have solved that form of problem quicker. > "blasphemous" put up there. If none of these, then why locally > blackhole traffic? > once upon a time we had a noc person null route a 210.x.x.0/24 block because someone used their email address in the 'from' for a spam run... a swift 'discussion' ensued and they learned there was a better solution to their problem. (swift after the owners of the ip space got a little irrate :( ) -Chris
|