[110739] in North American Network Operators' Group
RE: Anyone notice strange announcements for 174.128.31.0/24
daemon@ATHENA.MIT.EDU (Michienne Dixon)
Wed Jan 14 17:53:45 2009
Date: Wed, 14 Jan 2009 16:52:42 -0600
From: "Michienne Dixon" <mdixon@nkc.org>
To: "NANOG list" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Well, if you really want to pick knits you are welcome to. If I meant
prepending, I would have said that. The example that I listed was
setting up a router, advertising the ASNs listed and the random IP
ranges gleaned from IANA. Sorry if I confused you.
-
Michienne Dixon
Network Administrator
liNKCity
312 Armour Rd.
North Kansas City, MO 64116
www.linkcity.org
(816) 412-7990
-----Original Message-----
From: John Payne [mailto:john@sackheads.org]=20
Sent: Wednesday, January 14, 2009 3:57 PM
To: Michienne Dixon
Cc: NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
On Jan 14, 2009, at 10:50 AM, Michienne Dixon wrote:
>
> Interesting - So as a cyber criminal - I could setup a router, start=20
> announcing AS 16733, 18872, and maybe 6966 for good measure and their=20
> routers would ignore my announcements and IP ranges that I siphoned=20
> from searching IANA? Hm... Would that also prevent them from=20
> accessing my rogue network from their network?
What do you mean "announcing AS 16733..." ?
Putting 16733 in an AS PATH is not announcing it.
>
>
>
>
> -
> Michienne Dixon
> Network Administrator
> liNKCity
> 312 Armour Rd.
> North Kansas City, MO 64116
> www.linkcity.org
> (816) 412-7990
>
> -----Original Message-----
> From: Simon Lockhart [mailto:simon@slimey.org]
> Sent: Wednesday, January 14, 2009 2:07 AM
> To: Hank Nussbacher
> Cc: NANOG list
> Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
>
> On Wed Jan 14, 2009 at 09:59:14AM +0200, Hank Nussbacher wrote:
>> What if, by doing some research experiment, the researcher discovers=20
>> some unknown and latent bug in IOS or JunOS that causes much of the=20
>> Internet to go belly up? 1 in a billion chance, but nonetheless, a=20
>> headsup would have been in order.
>
> Say we had a customer who connected to us over BGP, and they used some
> new experimental BGP daemon. Their announcement was "odd" in some way,
> but appeared clean to us (a Cisco house). Once their announcement hit=20
> the a Foundry router, it tickled a bug which caused the router to=20
> propogate the announcement, but also start to blackhole traffic. Oh=20
> dear, large chunks of the Internet have just gone belly up.
>
> Should we have given a heads up to the Internet at large that we were=20
> turning up this customer?
>
> Simon
> (Yes, I'm in the minority that thinks that Randy hasn't done anything
> bad)
> --
>
> Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration=20
> *
> Director | * Domain & Web Hosting * Internet Consultancy *
> Bogons Ltd | * http://www.bogons.net/ * Email: info@bogons.net *
>
>
