[103102] in North American Network Operators' Group
Re: Kenyan Route Hijack
daemon@ATHENA.MIT.EDU (Kameron Gasso)
Sun Mar 16 06:47:57 2008
Date: Sun, 16 Mar 2008 03:42:53 -0700
From: Kameron Gasso <kgasso-lists@visp.net>
Reply-To: kgasso@visp.net
To: Christopher Morrow <morrowc.lists@gmail.com>
CC: nanog@merit.edu
In-Reply-To: <75cb24520803152336g670eadfdrd9885a376cf32c48@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
Christopher Morrow wrote:
> I think it was Abovenet that blackholed a /24 of (I want to say MAPS,
> but that's not right) an anti-spam-RBL sometime pre-1999?
If I'm not mistaken, that was ORBS.
> perhaps they had a significant number of complaints about the address
> block and no reaction from the owner(s)? or the address block (or
> hosts in it) were scanning their infrastucture, or dos'ing it or???
Such action has always been a last-ditch when I've had to deal with
severe network abuse/denial of service. Doing it on routers at the
network core and not just at the edge where the affected systems or
customers interconnect seems pretty severe, though.
> There are a whole host of reasons one might conjecture. In ALL cases
> you'd never put in a /24 but a pair of /25 so that you didn't become
> the best path for the rest of the internets...
Even then, one would hope filters would be in place to keep it from
traversing outside of their local AS, at least in a more perfect world.
Of course, another recent incident disproving that theory comes to mind...
-Kam
