|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: BGP Attack - Best Defense ?
You need to contact 1st their directly connected provider, 2nd contact your upstream provider and ask that they contact their peers and negate the announcement. 3rd if this is an ARIN provided block contact them as you do pay for your allocation and they will have the contacts to resolve the issue. You cannot normally announce smaller than a /24 ----- Original Message ----- From: "Scott Weeks" [[email protected]] Sent: 08/29/2008 03:50 PM MST To: <[email protected]> Subject: Re: BGP Attack - Best Defense ? ------- [email protected] wrote: ------- From: Jason Fesler <[email protected]> > I am signed up for the Prefix Hijack Alert System > (phas.netsec.colostate.edu) and would be alerted in about 6 hours (or > less?) about a prefix announcement change. Would the alerts go to a mail server behind said BGP prefixes? --------------------------------------- They would go to me. They have been coming to me since I heard about this service on NANOG. Thanks folks at Colorado State University! :-) -------------------------------------- Also, if you're gonna bother at all.. I'd humbly suggest that 6 hours is too long to wait. Without naming names, consider if this response time is adequate, and if not, look at some of the commercial options. -------------------------------------- I'm currently on an eyeball network and no one is physically close to me, since I'm in Hawaii (the most isolated land mass in the world). Even though the TTL changes in this attack, the physics don't. The gamers would probably be the first alert folks as they would see the delay regardless of what their traceroutes say... ;-) In this attack the traffic makes it to both end-points. The middle is what changes. Restating my question differently: If the attacker is announcing a /24 of mine, I figure it out some how and I start announcing the same. What happens if the attacker doesn't stop? This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
|