[130163] in North American Network Operators' Group
RE: AS11296 -- Hijacked?
daemon@ATHENA.MIT.EDU (George Bonser)
Wed Sep 29 13:45:38 2010
Date: Wed, 29 Sep 2010 10:43:32 -0700
In-Reply-To: <AANLkTinDBTDTf_S8NG2auhT+Z3aN95BpdkQThq7nNdsS@mail.gmail.com>
From: "George Bonser" <gbonser@seven.com>
To: "Heath Jones" <hj1980@gmail.com>,
"Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> -----Original Message-----
> From: Heath Jones=20
> Sent: Wednesday, September 29, 2010 5:16 AM
> To: Ronald F. Guilmette
> Cc: nanog@nanog.org
> Subject: Re: AS11296 -- Hijacked?
>=20
> Let me reword...
> What is stopping someone coming on the list, making a claim like you
> have in an attempt to actually cause a DOS attack, by having some
> clumsy network engineers starting to block traffic in reaction to your
> post?
There would be several filters for this. Is the person reporting this a
known network operator that people trust or is it some Joe Blow out of
nowhere that nobody has heard of before? That would make a huge
difference. Is the AS assigned to a company that is known to be
defunct? That would be another flag. Why would a company that no longer
exists have its ASN active and its IPs sending traffic? This would be
particularly interesting if the carrier handling the traffic is not a
carrier known to have a relationship with that AS in the past. So a
pattern of ... AS works for many years, disappears for some period of
time, company goes defunct, and some period of time later the AS appears
on a completely different carrier without any reassignment from the
registrar.
Bottom line, there is more to it than someone just popping up on a list
saying something.
g
