[110644] in North American Network Operators' Group


Re: Anyone notice strange announcements for 174.128.31.0/24

daemon@ATHENA.MIT.EDU (Nathan Ward)
Mon Jan 12 19:05:43 2009

From: Nathan Ward <nanog@daork.net>
To: nanog list <nanog@nanog.org>
In-Reply-To: <496BD2F5.7050600@brightok.net>
Date: Tue, 13 Jan 2009 13:05:27 +1300
Errors-To: nanog-bounces@nanog.org

On 13/01/2009, at 12:32 PM, Jack Bates wrote:

> I suspect part of this test is to determine if there are enough
> defaults to allow traffic through even though the route isn't being
> processed by certain networks (i.e., it does no good to poison
> AS_PATH if defaults in general will allow DOS traffic to continue).


A suggestion I made to Randy at APRICOT in early 2007 when he was  
presenting his BGP beacon bogon filter detection stuff[1] was that he  
could use AS_PATH poisoning to detect broken filters and topology  
between two ASes, not just the best route back to him from each AS.

I think he thought it was a silly idea at the time, probably because  
of the massive amount of BGP updates that it would need. Maybe he  
changed his mind?

But yes, your suggestion seems reasonable as well - detect the  
existence of access lists, as opposed to prefix lists. The  
announcement is required to all the intermediary ASNs because of uRPF.

--
Nathan Ward

[1] http://www.apricot.net/apricot2007/presentation/conference/plenary3-randy-bogon.pdf
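
Added illustration, not part of the original message: a small simulation of the point discussed in this thread, that an AS named in a poisoned AS_PATH rejects the route through BGP loop detection, yet traffic from it can still reach the origin if default routes exist. The topology, private-use ASNs and function names are constructed for the example; route policy and uRPF are not modelled.

```python
from collections import deque

# Constructed topology: BGP adjacencies between private-use ASNs.
LINKS = {
    65001: [65002],          # origin of the test prefix
    65002: [65001, 65003],   # transit
    65003: [65002, 65004],   # the AS named in the poisoned path
    65004: [65003],          # stub customer behind 65003
}

def propagate(origin, poisoned):
    """Return {asn: next_hop_asn} for every AS that accepts the announcement."""
    # A poisoned announcement leaves the origin as: origin, poisoned ASNs, origin.
    path = ([origin] + list(poisoned) + [origin]) if poisoned else [origin]
    rib = {origin: None}
    queue = deque([(origin, path)])
    while queue:
        sender, as_path = queue.popleft()
        for peer in LINKS[sender]:
            # BGP loop detection: an AS rejects a route whose AS_PATH
            # already contains its own ASN. Shortest path wins otherwise.
            if peer in as_path or peer in rib:
                continue
            rib[peer] = sender
            queue.append((peer, [peer] + as_path))  # peer prepends on export
    return rib

def forward(src, origin, rib, defaults):
    """Follow the data plane from src to origin; return the hops, or None if dropped."""
    hops, asn = [src], src
    while asn != origin:
        # Use the learned route if present, otherwise fall back to a default.
        nxt = rib[asn] if asn in rib else defaults.get(asn)
        if nxt is None or nxt in hops:
            return None  # no route and no default, or a forwarding loop
        hops.append(nxt)
        asn = nxt
    return hops

if __name__ == "__main__":
    rib = propagate(65001, poisoned=[65003])
    print("ASes holding the route:", sorted(rib))
    print("with defaults:   ", forward(65004, 65001, rib, {65004: 65003, 65003: 65002}))
    print("without defaults:", forward(65004, 65001, rib, {65004: 65003}))
```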

