Re: Great Suggestion for the DNS problem...?

2008-08-29 Thread Mikael Abrahamsson
On Thu, 28 Aug 2008, Brian Dickson wrote: However, if *AS-path* filtering is done based on IRR data, specifically on the as-sets of customers and customers' customers etc., then the attack *can* be prevented. Yes, but I can't do this for everybody else. Doing AS-path and prefix filtering

HurricaneElectric

2008-08-29 Thread Colin Alston
Is anyone from Hurricane Electric/TunnelBroker.net here?

BGP Update Report

2008-08-29 Thread cidr-report
BGP Update Report Interval: 28-Jul-08 -to- 28-Aug-08 (32 days) Observation Point: BGP Peering with AS2.0 TOP 20 Unstable Origin AS Rank ASN Upds % Upds/Pfx AS-Name 1 - AS9583 161731 2.9% 129.3 -- SIFY-AS-IN Sify Limited 2 - AS1803 102448 1.8%

The Cidr Report

2008-08-29 Thread cidr-report
This report has been generated at Fri Aug 29 21:18:25 2008 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread Sam Stickland
Jon Lewis wrote: Do you utilize the IRR, have an as-set, and put all customer AS/CIDR's into the IRR? I've honestly never heard from LVL3 about our advertisements. Other providers have varied from just needing a web form, email, phone call, or those combined with faxed LOAs. The latter

Using 32 bit ASN numbers

2008-08-29 Thread Brian Raaen
I am doing some research for our company regarding 32 bit ASN numbers. I am trying to locate information about vendor and service provider support. In particular I have not been able to find what Cisco IOS image I would need to load on our router to support 32 bit ASN's. I also want to know

RE: Using 32 bit ASN numbers

2008-08-29 Thread Pender, James
These are the dates I have for Cisco platforms: IOS XR 3.4 - September 2007 IOS 12.0(32)S11 - November 2008 IOS 12.2SRE - December 2008 IOS 12.5(1)T - April 2009 -Original Message- From: andy lam [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2008 11:29 AM To: [EMAIL

Re: IP Fragmentation

2008-08-29 Thread Valdis . Kletnieks
On Fri, 29 Aug 2008 05:44:28 +0530, Glen Kent said: I understand, but the question is what if they don't? If it's an alleged router, and it doesn't know how to frag a packet, it's probably so brain-damaged that it can't send a recognizable 'Frag Needed' ICMP back either. At that point, all bets

Re: HurricaneElectric

2008-08-29 Thread Christian Koch
you might want to check the obvious first :) http://www.tunnelbroker.net/forums/ [EMAIL PROTECTED] On Fri, Aug 29, 2008 at 5:34 AM, Colin Alston [EMAIL PROTECTED] wrote: Is anyone from Hurricane Electric/TunnelBroker.net here?

Weekly Routing Table Report

2008-08-29 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith [EMAIL

Re: HurricaneElectric

2008-08-29 Thread Colin Alston
On 2008/08/29 07:45 PM Christian Koch wrote: you might want to check the obvious first :) http://www.tunnelbroker.net/forums/ [EMAIL PROTECTED] Yes, problem was my prefix was routed wrong.. so trying to get to the site was tedious and would have required turning off IPv6 only to turn it on

Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

2008-08-29 Thread Gadi Evron
Hi all. This Washington Post story came out today: http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html In it, Brian Krebs discusses the SF Bay Area based Atrivo/Intercage, which has been long named as a bad actor, accused of shuffling abuse reports to

Re: Using 32 bit ASN numbers

2008-08-29 Thread Arie Vayner
Pender, One small correction... For 7600, 12.2SR, the support would come out in 12.2SRD Arie On Fri, Aug 29, 2008 at 6:44 PM, Pender, James [EMAIL PROTECTED] wrote: These are the dates I have for Cisco platforms: IOS XR 3.4 - September 2007 IOS 12.0(32)S11 - November 2008 IOS 12.2SRE -

Re: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

2008-08-29 Thread Suresh Ramasubramanian
On Sat, Aug 30, 2008 at 1:32 AM, Gadi Evron [EMAIL PROTECTED] wrote: 2. On a different note, why is anyone still accepting their route announcements? I know some among us re-route RBN traffic to protect users. Do you see this as a valid solution for your networks? What ASNs belong to Atrivo,

Re: Using 32 bit ASN numbers

2008-08-29 Thread Haven Hash
Concerning 32 bit AS numbers, are organizations which are granted 32 bit AS numbers given any multicast address space? If so is it possible to figure out what this space is from the ASN ala GLOP (233.ASN.ASN.x)? Thanks, Haven Hash On Fri, Aug 29, 2008 at 1:12 PM, Arie Vayner [EMAIL PROTECTED]

Re: Using 32 bit ASN numbers

2008-08-29 Thread Marshall Eubanks
On Aug 29, 2008, at 4:50 PM, Haven Hash wrote: Concerning 32 bit AS numbers, are organizations which are granted 32 bit AS numbers given any multicast address space? If so is it possible to figure out what this space is from the ASN ala GLOP (233.ASN.ASN.x)? Yes, and yes. The space

Re: Using 32 bit ASN numbers

2008-08-29 Thread Marshall Eubanks
On Aug 29, 2008, at 4:58 PM, Marshall Eubanks wrote: On Aug 29, 2008, at 4:50 PM, Haven Hash wrote: Concerning 32 bit AS numbers, are organizations which are granted 32 bit AS numbers given any multicast address space? Oh, and there is a plan in the works to accommodate those with 32

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Scott Weeks
Please allow me to change this: I then would deaggregate (as little as possible) to be able to announce the same more specific as the attacker. to this: Announce the same more specific as the attacker. scott --- [EMAIL PROTECTED] wrote: From: Scott Weeks [EMAIL PROTECTED] To: [EMAIL

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Scott Weeks
--- [EMAIL PROTECTED] wrote: --- From: Jason Fesler [EMAIL PROTECTED] I am signed up for the Prefix Hijack Alert System (phas.netsec.colostate.edu) and would be alerted in about 6 hours (or less?) about a prefix announcement change. Would the alerts go to a mail server behind said

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Steve Gibbard
On Fri, 29 Aug 2008, Scott Weeks wrote: I am signed up for the Prefix Hijack Alert System (phas.netsec.colostate.edu) and would be alerted in about 6 hours (or less?) about a prefix announcement change. I then would deaggregate (as little as possible) to be able to announce the same more

RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

2008-08-29 Thread Marc Sachs
Unless I'm mis-reading this (or perhaps GBLX read Kreb's story and said good-bye to Atrivo/Intercage), it looks like they are no longer their upstream: http://cidr-report.org/cgi-bin/as-report?as=AS27595v=4view=2.0 Marc SANS ISC -Original Message- From: Gadi Evron [mailto:[EMAIL

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Guy_Shields
Correct, as you would then be contending with the path length portion of the 10 deterministic criteria in the BGP protocol. - Original Message - From: Scott Weeks [EMAIL PROTECTED] Sent: 08/29/2008 04:06 PM MST To: [EMAIL PROTECTED] Subject: Re: BGP Attack - Best Defense ? ---

RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

2008-08-29 Thread Gadi Evron
On Fri, 29 Aug 2008, Marc Sachs wrote: Unless I'm mis-reading this (or perhaps GBLX read Kreb's story and said good-bye to Atrivo/Intercage), it looks like they are no longer their upstream: http://cidr-report.org/cgi-bin/as-report?as=AS27595v=4view=2.0 Current peers:

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Scott Weeks
-- [EMAIL PROTECTED] wrote: - You need to contact 1st their directly connected provider, 2nd contact your upstream provider and ask that they contact their peers and negate the announcement. 3rd if this is an ARIN provided block contact them as you do pay for your allocation and

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Guy_Shields
Go to www.traceroute.org for a very comprehensive looking glass and routeview servers list. You can then determine how successful your attempts to quell an attack are. - Original Message - From: Scott Weeks [EMAIL PROTECTED] Sent: 08/29/2008 04:06 PM MST To: [EMAIL PROTECTED] Subject:

Re: Using 32 bit ASN numbers

2008-08-29 Thread Marshall Eubanks
On Aug 29, 2008, at 6:08 PM, Owen DeLong wrote: Marshal, Since his question was specifically about I don't see the answer in either of the places you referenced Sorry, I was too eager to respond. The assignees of the 32 bit ASN will have to ask for space from IANA from the former

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Scott Weeks
- Original Message - Let's say the attacker is announcing one or more /24s of mine and announcing a more specific is not possible. I figure it out somehow and begin announcing the same. The attacker doesn't stop his attack. What happens? The part of the internet closest in

Re: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

2008-08-29 Thread Jim Popovitch
On Fri, Aug 29, 2008 at 19:14, Gadi Evron [EMAIL PROTECTED] wrote: On Fri, 29 Aug 2008, Marc Sachs wrote: Unless I'm mis-reading this (or perhaps GBLX read Kreb's story and said good-bye to Atrivo/Intercage), it looks like they are no longer their upstream:

GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?]

2008-08-29 Thread Paul Ferguson
-- Marc Sachs [EMAIL PROTECTED] wrote: Unless I'm mis-reading this (or perhaps GBLX read Kreb's story and said good-bye to Atrivo/Intercage), it looks like they are no longer their upstream:

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread jim deleskie
Announcing a smaller bit of one of your blocks is fine, more than that most everyone I know does it or has done and is commonly accepted. Breaking up someone else's block and making that announcement even if it's to modify traffic between 2 peered networks is typically not looked as proper. Modify

Re: GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?]

2008-08-29 Thread Gadi Evron
On Sat, 30 Aug 2008, Paul Ferguson wrote: I applaud GLBX's move to disconnect Atrivo/Intercage. What the Armin/McQuaid/Jonkman report [1] documented are activities that many of us in the security community have known for a couple of years. One thing that Krebs _didn't_ mention in his WaPo

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread Adrian Chadd
On Fri, Aug 29, 2008, jim deleskie wrote: Announcing a smaller bit of one of your blocks is fine, more than that most everyone I know does it or has done and is commonly accepted. Breaking up someone else's block and making that announcement even if it's to modify traffic between 2 peered

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread jim deleskie
I'm afraid of the answer to that question On Fri, Aug 29, 2008 at 11:25 PM, Adrian Chadd [EMAIL PROTECTED] wrote: On Fri, Aug 29, 2008, jim deleskie wrote: Announcing a smaller bit of one of your blocks is fine, more than that most everyone I know does it or has done and is commonly accepted.

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread Patrick W. Gilmore
On Aug 29, 2008, at 22:41, jim deleskie [EMAIL PROTECTED] wrote: I'm afraid of the answer to that question No you are not, since you already know the answer. -- TTFN, patrick On Fri, Aug 29, 2008 at 11:25 PM, Adrian Chadd [EMAIL PROTECTED] wrote: On Fri, Aug 29, 2008, jim deleskie

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread Nathan Ward
On 30/08/2008, at 9:58 AM, Florian Weimer wrote: * Alex Pilosov: We've demonstrated ability to monitor traffic to arbitrary prefixes. Slides for presentation can be found here: http://eng.5ninesdata.com/~tkapela/iphd-2.ppt The interesting question is whether it's acceptable to use this