[195775] in North American Network Operators' Group


Re: BGP Optimizers (Was: Validating possible BGP MITM attack)

daemon@ATHENA.MIT.EDU (Colin Petrie)
Fri Sep 15 06:47:43 2017

X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Colin Petrie <colin@spakka.net>
Date: Fri, 1 Sep 2017 12:52:01 +0200
In-Reply-To: <20170831200649.GP29058@Vurt.local>
Errors-To: nanog-bounces@nanog.org

On 31/08/17 22:06, Job Snijders wrote:
> I strongly recommend to turn off those BGP optimizers, glue the ports
> shut, burn the hardware, and salt the grounds on which the BGP optimizer
> sales people walked.

Yes.

> p.s. providing a publicly available BGP looking glass will contribute
> to proving your innocence in cases like these. Since in many cases the
> AS_PATH is a complete fabrication, we need to manually check every AS in
> the AS_PATH to see whether the AS carries the fake more-specific. A
> public looking glass speeds up this fault-finding process. If you don't
> want to host a web interface yourself, please consider sending a BGP feed
> to the Route Views Project or RIPE RIS, or for something queryable in a
> real-time fashion the NLNOG RING Looking Glass http://lg.ring.nlnog.net/

As a RIPE RIS operator, we regularly get people complaining 'oh but we
are not advertising that prefix, your system must be broken'.

Usually it is one of these BGP-optimizer more-specifics leaking out.

Cheers,
Colin
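
The check discussed in this thread, as an added example that is not part of the original message: given the prefixes an operator intentionally originates and routes seen at a collector, flag more-specifics the operator never announced and list the ASes in each AS_PATH to check in looking glasses. The function name, the data layout and the sample routes (documentation prefixes and ASNs) are constructed for illustration.

```python
import ipaddress

def find_unexpected_more_specifics(announced, observations):
    """Return observed routes that are strict more-specifics of a prefix we
    announce but are not themselves in our announced set.

    announced:    prefix strings the operator intentionally originates.
    observations: (prefix, as_path) tuples as seen at a collector, where
                  as_path is a list of ASNs, collector peer first.
    """
    ours = [ipaddress.ip_network(p) for p in announced]
    ours_set = set(ours)
    findings = []
    for prefix, as_path in observations:
        net = ipaddress.ip_network(prefix)
        if net in ours_set:
            continue  # exactly what we announce, nothing to investigate
        for cover in ours:
            # subnet_of() raises on mixed IPv4/IPv6, so compare versions first
            if net.version == cover.version and net.subnet_of(cover):
                findings.append({
                    "prefix": str(net),
                    "covering": str(cover),
                    "as_path": list(as_path),
                    # The path may be fabricated, so every AS in it is a
                    # candidate to check; prepends are collapsed, order kept.
                    "ases_to_check": list(dict.fromkeys(as_path)),
                })
                break
    return findings

# Constructed sample data (RFC 5737 / RFC 3849 prefixes, RFC 5398 ASNs).
ANNOUNCED = ["192.0.2.0/24", "2001:db8::/32"]
OBSERVED = [
    ("192.0.2.0/24",    [64500, 64501, 64496]),         # our real announcement
    ("192.0.2.128/25",  [64500, 64502, 64502, 64496]),  # more-specific we never sent
    ("198.51.100.0/24", [64500, 64503]),                # unrelated prefix
    ("2001:db8:1::/48", [64504, 64496]),                # IPv6 more-specific
]

if __name__ == "__main__":
    for f in find_unexpected_more_specifics(ANNOUNCED, OBSERVED):
        print(f"{f['prefix']} inside {f['covering']}: check ASes {f['ases_to_check']}")
```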
