List Info

Thread: AS 8437 announced a quarter of the net for half of an hour
AS 8437 announced a quarter of the net for half of an hour
user name
 2006-08-14 22:31:30 
On 14-aug-2006, at 21:53, Tony Li wrote:

>> Today (Aug 14th 2006) AS 8437 announced 63 /8 nets
from 14:30 to  
>> 15:00
>> UTC.  I don't believe that this is normal, but
please correct me if I
>> am wrong.

Looks like they inject these prefixes into their routers to
blacklist  
them (if you route the next hop address to some place
unreachable and  
also do a reverse path forwarding check you filter both to
and from  
these addresses) but somehow they leaked the prefixes.


_______________________________________________
RPSEC mailing list
RPSECietf.org
https://
www1.ietf.org/mailman/listinfo/rpsec
AS 8437 announced a quarter of the net for half of an hour
user name
 2006-08-15 02:00:24 
In message <61CD5836-AA9C-4D07-BEDD-976642406608muada.com>
Iljitsch van Beijnum writes:
>  
> On 14-aug-2006, at 21:53, Tony Li wrote:
>  
> >> Today (Aug 14th 2006) AS 8437 announced 63 /8
nets from 14:30 to  
> >> 15:00
> >> UTC.  I don't believe that this is normal,
but please correct me if I
> >> am wrong.
>  
> Looks like they inject these prefixes into their
routers to blacklist  
> them (if you route the next hop address to some place
unreachable and  
> also do a reverse path forwarding check you filter both
to and from  
> these addresses) but somehow they leaked the prefixes.


I think Tony's point is that no one should be accepting
these.  Almost
all cases of bogus routing that has done damage was
accidental.  There
have been some incidents of intentional bogus routes
injected as an
attack that I know of but these are (or used to be) far less
common.

Curtis

_______________________________________________
RPSEC mailing list
RPSECietf.org
https://
www1.ietf.org/mailman/listinfo/rpsec
AS 8437 announced a quarter of the net for half of an hour
user name
 2006-08-15 04:06:54 
 

> I think Tony's point is that no one should be
accepting these.  Almost
> all cases of bogus routing that has done damage was
accidental.  There
> have been some incidents of intentional bogus routes
injected as an
> attack that I know of but these are (or used to be) far
less common.


Correct.  The difference between these 'mistakes' and an
attack is only
one of intent, and a functional security system should
render both
ineffective.  

Until we as a community converge and move forward, these
little presents
from the Oort cloud will continue.

Tony



_______________________________________________
RPSEC mailing list
RPSECietf.org
https://
www1.ietf.org/mailman/listinfo/rpsec
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )