Re: [RPSEC] FW: AS 8437 announced a quarter of the net for half of an hour
Curtis Villamizar <curtis@occnc.com> Tue, 15 August 2006 01:54 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
by megatron.ietf.org with esmtp (Exim 4.43)
id 1GCo81-0003pO-BH; Mon, 14 Aug 2006 21:54:01 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
by megatron.ietf.org with esmtp (Exim 4.43) id 1GCo7z-0003pG-IL
for rpsec@ietf.org; Mon, 14 Aug 2006 21:53:59 -0400
Received: from [69.37.59.173] (helo=workhorse.brookfield.occnc.com)
by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GCo7y-0006SC-A9
for rpsec@ietf.org; Mon, 14 Aug 2006 21:53:59 -0400
Received: from workhorse.brookfield.occnc.com (localhost [127.0.0.1])
by workhorse.brookfield.occnc.com (8.13.4/8.13.4) with ESMTP id
k7F20PnW041703; Mon, 14 Aug 2006 22:00:25 -0400 (EDT)
(envelope-from curtis@workhorse.brookfield.occnc.com)
Message-Id: <200608150200.k7F20PnW041703@workhorse.brookfield.occnc.com>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Re: [RPSEC] FW: AS 8437 announced a quarter of the net for half of an
hour
In-reply-to: Your message of "Tue, 15 Aug 2006 00:31:30 +0200."
<61CD5836-AA9C-4D07-BEDD-976642406608@muada.com>
Date: Mon, 14 Aug 2006 22:00:24 -0400
From: Curtis Villamizar <curtis@occnc.com>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906
Cc: rpsec@ietf.org
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: curtis@occnc.com
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org
In message <61CD5836-AA9C-4D07-BEDD-976642406608@muada.com> Iljitsch van Beijnum writes: > > On 14-aug-2006, at 21:53, Tony Li wrote: > > >> Today (Aug 14th 2006) AS 8437 announced 63 /8 nets from 14:30 to > >> 15:00 > >> UTC. I don't believe that this is normal, but please correct me if I > >> am wrong. > > Looks like they inject these prefixes into their routers to blacklist > them (if you route the next hop address to some place unreachable and > also do a reverse path forwarding check you filter both to and from > these addresses) but somehow they leaked the prefixes. I think Tony's point is that no one should be accepting these. Almost all cases of bogus routing that has done damage was accidental. There have been some incidents of intentional bogus routes injected as an attack that I know of but these are (or used to be) far less common. Curtis _______________________________________________ RPSEC mailing list RPSEC@ietf.org https://www1.ietf.org/mailman/listinfo/rpsec
- [RPSEC] FW: AS 8437 announced a quarter of the ne… Tony Li
- Re: [RPSEC] FW: AS 8437 announced a quarter of th… Iljitsch van Beijnum
- Re: [RPSEC] FW: AS 8437 announced a quarter of th… Curtis Villamizar
- RE: [RPSEC] FW: AS 8437 announced a quarter of th… Tony Li
- RE: [RPSEC] FW: AS 8437 announced a quarter of th… william(at)elan.net
- RE: [RPSEC] FW: AS 8437 announced a quarter of th… Tony Li
- Re: [RPSEC] FW: AS 8437 announced a quarter of th… Curtis Villamizar
- Re: [RPSEC] FW: AS 8437 announced a quarter of th… Iljitsch van Beijnum