[102674] in North American Network Operators' Group
ISP's who where affected by the misconfiguration: start using IRR
daemon@ATHENA.MIT.EDU (Jeroen Massar)
Sun Feb 24 18:07:10 2008
Date: Sun, 24 Feb 2008 23:55:57 +0100
From: Jeroen Massar <jeroen@unfix.org>
To: nanog@merit.edu
CC: Max Tulyev <president@ukraine.su>
In-Reply-To: <47C1ECCB.1060602@ukraine.su>
Errors-To: owner-nanog@merit.edu
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigEC5414D5C0E47AA68C08B82B
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
First the operational portion:
For all the affected network owners, please read and start=20
using/implement one of the following excellent ideas:
* Pretty Good BGP and the Internet Alert Registry
http://www.nanog.org/mtg-0606/pdf/josh-karlin.pdf
* PHAS: A Prefix Hijack Alert System
http://irl.cs.ucla.edu/papers/originChange.pdf
(A live/direct BGP-feed version of this would be neat)
* Routing Registry checking, as per the above two
rr.arin.net & whois.ripe.net contains all the data you need
Networks who are not in there are simply not important enough to
exist on the internet as clearly those ops folks don't care about
their network...
Of course there is also (S-)BGP(-S), but that will apparently never=20
happen, and actually, with the a system like PGBGP or PHAS one already=20
covers quite a bit of the issue, until a real hijacker just uses the=20
original ASN. IRR data helps there partially though as it tends to have=20
upstream/downstream information, but it doesn't cover all cases.
For the rest google(bgp monitor hijack) for a list of other things.
Now for the sillynesss....
<non-ops political blabla FUD>
Max Tulyev wrote:
>=20
> I think it was NOT a typo. This was a test, much more important test fo=
r=20
> this world than last american anti-satellite missile.
>=20
> And if they do it again with more mind, site will became down for a=20
> weeks at least... More of that, if big national telecom operator did it=
=20
> and have neighbors to filter them out - it can lead to global split of =
> the network.
>=20
> Of course, it should be happened early or late with THIS design of the =
> Network.
Oh boy oh boy, I just have to comment on this :)
Wow, somebody with an email address like yours, especially the president =
and the .su bit are amusing, is commenting on another country doing=20
'tests'!? You might actually try keeping your bombers closer to the=20
shores instead of trying to play chicken with the USS Nimitz :)
http://www.upi.com/NewsTrack/Top_News/2008/02/11/russian_bomber_buzzes_ni=
mitz/5914/
In Soviet Russia the Internet hijacks you?
Please folks, keep the posts operational :)
</non-ops political blabla FUD>
Greets,
Jeroen
--------------enigEC5414D5C0E47AA68C08B82B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHwfX+KaooUjM+fCMRAsIFAJ0RoPowPt+djAGzOwSHV2gCIFDduQCfWf52
EfYLdMoqZwwdVvbvmVrAsFY=
=wXIu
-----END PGP SIGNATURE-----
--------------enigEC5414D5C0E47AA68C08B82B--
