On 17 Mar 2008 04:12:13 +, Paul Vixie [EMAIL PROTECTED] wrote:
i think, at this stage and at this date, that bringing up the ORBS/abovenet
debacle constitutes a canard, and should be avoided, for the good of all.
Completely unrelated to l'affaire ORBS of course, but in this more
recent
Usually unintentional. See Pakistan Telecom for recent example.
Pakistan's blackhole was semi-unintentional, kind of like you tried to
shoot your spouse but the bullet went through the wall and
unintentionally hit a neighbor.
Do ISPs (PTA, AboveNet, etc) that unintentionally
On Sat, Mar 15, 2008 at 11:57:50AM -0600, Danny McPherson wrote:
An interesting bit is that the current announcement on routeviews
directly from AS 6461 has Community 6461:5999 attached:
...
6461
64.125.0.137 from 64.125.0.137 (64.125.0.137)
Origin IGP, metric 0, localpref 100,
On Mon, Mar 17, 2008 at 01:13:04PM +0530, Suresh Ramasubramanian wrote:
anybody see similar routing loops for those other prefixes that'd make
it look like 5999 is a blackhole community at abovenet, so this dude
is seeing what ORBS saw way back when (2000, right) - that is, he had
abuse
On Mon, Mar 17, 2008 at 3:48 PM, Glen Kent [EMAIL PROTECTED] wrote:
Do ISPs (PTA, AboveNet, etc) that unintentionally hijack someone
else IP address space, ever get penalized in *any* form? Depending
upon whom and what they hijack, and who all get affected, it sure can
PTA's ASN actually
On Mon, Mar 17, 2008 at 03:48:07PM +0530, Glen Kent wrote:
Do ISPs (PTA, AboveNet, etc) that unintentionally hijack someone
else IP address space, ever get penalized in *any* form?
Not usually. I remember an incident (while working at AboveNet, ironically)
back in 98/99 where 701
On Mon, Mar 17, 2008 at 6:38 PM, Jeff Aitken [EMAIL PROTECTED] wrote:
IMHO a better use of our time would be to solve the underlying technical
issue(s). Whether it's soBGP, sBGP, or something else, we need to figure
out how to make one of these proposals work and get it implemented.
Start
Suresh Ramasubramanian wrote:
On Mon, Mar 17, 2008 at 6:38 PM, Jeff Aitken [EMAIL PROTECTED] wrote:
IMHO a better use of our time would be to solve the underlying technical
issue(s). Whether it's soBGP, sBGP, or something else, we need to figure
out how to make one of these proposals
Glen Kent wrote:
Do ISPs (PTA, AboveNet, etc) that unintentionally hijack someone
else IP address space, ever get penalized in *any* form?
The net only functions as a single entity because sp's intentionally
DONT hijack space and the mutual trust in other sp's rational behavior.
On Mon, Mar 17, 2008 at 8:48 PM, Larry J. Blunk [EMAIL PROTECTED] wrote:
RFC2827 is about source address filtering which
is not really the same as BGP route announcement
filtering. Unfortunately, I have not come across
Yup, radb etc for that. Not fully awake when I wrote that, and hit
On Mon, 17 Mar 2008, Larry J. Blunk wrote:
RFC2827 is about source address filtering which
is not really the same as BGP route announcement
filtering. Unfortunately, I have not come across
any RFC's with a thorough discussion of route
filtering. It is mentioned briefly in RFC 3013,
but
Paul,
Also: I have seen instances where a static route points to a next
hop that (inadvertently) may be redistribute-static injected into
BGP. This happens occasionally due to ad hoc configurations, back-
hole null routing, etc.
And why would an ISP locally try to blackhole traffic
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Glen Kent [EMAIL PROTECTED] wrote:
If its done intentionally then it would only make sense if theres a
DOS attack coming from that address block, or if theres something
blasphemous put up there. If none of these, then why locally
blackhole
On Sun, Mar 16, 2008 at 2:07 AM, Glen Kent [EMAIL PROTECTED] wrote:
Paul,
Also: I have seen instances where a static route points to a next
hop that (inadvertently) may be redistribute-static injected into
BGP. This happens occasionally due to ad hoc configurations, back-
Thank guyz for your Help.
Above.net finaly resolved the issue
Regards
Felix
Paul Ferguson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Glen Kent [EMAIL PROTECTED] wrote:
If its done intentionally then it would only make sense if theres a
DOS attack coming from that
Did they provide a reason for the outage? If so, please let us know
what the issue was.
Felix Bako wrote:
Thank guyz for your Help.
Above.net finaly resolved the issue
Regards
Felix
Paul Ferguson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Glen Kent [EMAIL PROTECTED]
Christopher Morrow wrote:
I think it was Abovenet that blackholed a /24 of (I want to say MAPS,
but that's not right) an anti-spam-RBL sometime pre-1999?
If I'm not mistaken, that was ORBS.
perhaps they had a significant number of complaints about the address
block and no reaction from the
Kameron Gasso wrote:
Christopher Morrow wrote:
I think it was Abovenet that blackholed a /24 of (I want to say MAPS,
but that's not right) an anti-spam-RBL sometime pre-1999?
If I'm not mistaken, that was ORBS.
Correct. A particularly interesting case, since ORBS' transit provider
was
... Whoah.. expensive!
Gunther
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im
Auftrag von Felix Bako
Gesendet: Sonntag, 16. März 2008 09:05
An: Paul Ferguson
Cc: [EMAIL PROTECTED]; nanog@merit.edu
Betreff: Re: Kenyan Route Hijack
Thank guyz for your
On Mon, 17 Mar 2008, Alastair Johnson wrote:
Correct. A particularly interesting case, since ORBS' transit provider was
also a transit customer of Above.net. Said transit provider would announce
their /16s, of which ORBS sat in a /24 or two of, and have their traffic
blackholed.
IIRC
On Mar 16, 2008, at 2:36 AM, Christopher Morrow wrote:
I think it was Abovenet that blackholed a /24 of (I want to say MAPS,
but that's not right) an anti-spam-RBL sometime pre-1999?
ORBS, and the only reason it became such a big deal was that Abovenet
was the upstream of ORBS' upstream.
On March 16, 2008 at 06:25 [EMAIL PROTECTED] (Paul Ferguson) wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Glen Kent [EMAIL PROTECTED] wrote:
If its done intentionally then it would only make sense if theres a
DOS attack coming from that address block, or if theres
[EMAIL PROTECTED] (John Payne) writes:
I think it was Abovenet that blackholed a /24 of (I want to say MAPS,
but that's not right) an anti-spam-RBL sometime pre-1999?
ORBS, and the only reason it became such a big deal was that Abovenet was
the upstream of ORBS' upstream. And that's
[more accurate subject line]
On Mar 14, 2008, at 1:33 PM, Felix Bako wrote:
Hello,
There is a routing loop while accesing my network 194.9.82.0/24 from
some networks on the Internet.
| This is a test done from lg.above.net looking glass.
1 ten-gige-2-2.mpr2.ams2.nl.above.net
A bit more analysis of this at the moment, and a few recommendations
and related pointers is available here:
http://tinyurl.com/2nqg2a
-danny
Unlike the Youtube outage where PTA had issued a directive asking all
ISPs to block Youtube - What is the reason most often cited for such
mishaps? The reason i ask this is because the ISPs that
inadvertently hijack someone elses IP space, need to explicitly
configure *something* to do this. So,
On Sat, Mar 15, 2008 at 9:09 PM, Glen Kent [EMAIL PROTECTED] wrote:
Unlike the Youtube outage where PTA had issued a directive asking all
ISPs to block Youtube - What is the reason most often cited for such
mishaps? The reason i ask this is because the ISPs that
inadvertently hijack
A popular reason from longer ago was enterprises that used
arbitrary addresses for their internal networks,
which was safe because they'd never be connected to the real internet.
RFC1918 has made that problem mostly go away,
but as recently as 1995 I had a customer who was a bank that was
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Bill Stewart [EMAIL PROTECTED] wrote:
I've seen two popular reasons for doing it accidentally
- Fat fingers when configuring IP addresses by hand
- Using old routing protocols such as IGRP or RIP and autosummarizing
routes,
usually done by a
On Sat, Mar 15, 2008, Danny McPherson wrote:
A bit more analysis of this at the moment, and a few recommendations
and related pointers is available here:
http://tinyurl.com/2nqg2a
Its a good writeup. :)
It almost sounds like Felix should talk to some friendly SP's and organise
/25
30 matches
Mail list logo
