[68735] in North American Network Operators' Group
Re: Packet Kiddies Invade NANOG
daemon@ATHENA.MIT.EDU (Michael.Dillon@radianz.com)
Tue Mar 16 05:56:42 2004
To: nanog@merit.edu
From: Michael.Dillon@radianz.com
Date: Tue, 16 Mar 2004 10:54:43 +0000
Errors-To: owner-nanog-outgoing@merit.edu
People should be worried about stuff like this.
Banetele is a facilities-based network operator
in Norway and these guys are directly attacking
their BGP sessions to put them off the air.
Assuming that they are not sourcing the attacks
in Banetele's AS, then you, the peer of Banetele
are delivering the packet stream that kills the
BGP session. How long before peering agreements
require ACLs in border routers so that only BGP
peering routers can source traffic destined to
your BGP speaking routers?
(08:48:02) <#sigdie!OseK_> i just collapsed banetele's BGP announcement
(08:48:43) <#sigdie!p> i dunno banetele looks dead
(08:48:48) <#sigdie!p> or maybe im just lagging
(08:49:00) <#sigdie!OseK_> ... BitchX: Sent server ping to
[irc.banetele.no]
(08:49:00) <#sigdie!OseK_> ... Server pong from irc.banetele.no 0.8224
seconds
(08:49:12) <#sigdie!p> bash-2.05a$ telnetirc.banetele.no 6667
(08:49:13) <#sigdie!p> Trying 213.239.111.2...
(08:49:16) <#sigdie!OseK_> thats cuz I collapsed their BGP announcement by
nailing their router head on(08:49:26) <#sigdie!OseK_> but they have a
secondary route to efnet
(08:49:30) <#sigdie!_mre|42o> BGP announcement?
(08:49:31) <#sigdie!OseK_> thru their multihomed connection
(08:49:32) <#sigdie!OseK_> yeah
(08:49:37) <#sigdie!OseK_> they have a collapsable route
(08:49:44) <#sigdie!OseK_> using the border gateway protocl
(08:49:54) <#sigdie!OseK_> hey have to announce to a pool
(08:49:58) <#sigdie!OseK_> in order to establish their route
(08:50:07) <#sigdie!OseK_> but if thye get hit enough their router drops
the
announcements
(08:50:10) <#sigdie!OseK_> and they lose their routes
(08:50:14) <#sigdie!OseK_> its wierd
(08:50:21) <#sigdie!OseK_> i dont quite understand how it works myself
