[68738] in North American Network Operators' Group


Re: Packet Kiddies Invade NANOG

daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Tue Mar 16 06:54:45 2004

Date: Tue, 16 Mar 2004 11:54:08 +0000 (GMT)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Michael.Dillon@radianz.com
Cc: nanog@merit.edu
In-Reply-To: <OF08D8EB34.A27C9D68-ON80256E59.003B6459-80256E59.003BF144@radianz.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Tue, 16 Mar 2004, Michael.Dillon@radianz.com wrote:

> People should be worried about stuff like this.  Banetele is a
> facilities-based network operator in Norway and these guys are directly
> attacking their BGP sessions to put them off the air.

Can anyone from Banetele/who knows Banetele confirm this attack took place?

Steve

> Assuming that they are not sourcing the attacks
> in Banetele's AS, then you, the peer of Banetele
> are delivering the packet stream that kills the
> BGP session. How long before peering agreements
> require ACLs in border routers so that only BGP 
> peering routers can source traffic destined to
> your BGP speaking routers?
> 
> (08:48:02) <#sigdie!OseK_> i just collapsed banetele's BGP announcement
> (08:48:43) <#sigdie!p> i dunno banetele looks dead
> (08:48:48) <#sigdie!p> or maybe im just lagging
> (08:49:00) <#sigdie!OseK_> ... BitchX: Sent server ping to [irc.banetele.no]
> (08:49:00) <#sigdie!OseK_> ... Server pong from irc.banetele.no 0.8224 seconds
> (08:49:12) <#sigdie!p> bash-2.05a$ telnetirc.banetele.no 6667
> (08:49:13) <#sigdie!p> Trying 213.239.111.2...
> (08:49:16) <#sigdie!OseK_> thats cuz I collapsed their BGP announcement by nailing their router head on
> (08:49:26) <#sigdie!OseK_> but they have a secondary route to efnet
> (08:49:30) <#sigdie!_mre|42o> BGP announcement?
> (08:49:31) <#sigdie!OseK_> thru their multihomed connection
> (08:49:32) <#sigdie!OseK_> yeah
> (08:49:37) <#sigdie!OseK_> they have a collapsable route
> (08:49:44) <#sigdie!OseK_> using the border gateway protocl
> (08:49:54) <#sigdie!OseK_> hey have to announce to a pool
> (08:49:58) <#sigdie!OseK_> in order to establish their route
> (08:50:07) <#sigdie!OseK_> but if thye get hit enough their router drops the announcements
> (08:50:10) <#sigdie!OseK_> and they lose their routes
> (08:50:14) <#sigdie!OseK_> its wierd
> (08:50:21) <#sigdie!OseK_> i dont quite understand how it works myself

