Re: Hijacked Network Ranges

2012-02-06 Thread Scott Weeks
--- mti...@globaltransit.net wrote: From: Mark Tinka A big fail to our community, for up to this day, not implementing basic routing and forwarding filters that would do away with all this cruft in the first place. Clearly the Youtube/Pakistan/PCCW incident has long been forgotten. --

Re: Hijacked Network Ranges

2012-02-06 Thread Mark Tinka
On Monday, February 06, 2012 06:47:23 PM Alex Band wrote: > With regards to RPKI, I'd like to point out what is > possible now, and what the maturity is of the > implementations. All RIRs have a system up and running. > As John Curran pointed out in an earlier message, ARIN > will have a production

Re: Hijacked Network Ranges

2012-02-06 Thread Alex Band
With regards to RPKI, I'd like to point out what is possible now, and what the maturity is of the implementations. All RIRs have a system up and running. As John Curran pointed out in an earlier message, ARIN will have a production system up this year, but right now you can already gain experienc

Re: Hijacked Network Ranges

2012-02-06 Thread Suresh Ramasubramanian
That and rely on external telemetry (argus and friends..) On Mon, Feb 6, 2012 at 1:29 PM, Mark Tinka wrote: > > Well, given validation information will be available within > a network, one may use it in non-obvious ways to implement > policy. -- Suresh Ramasubramanian (ops.li...@gmail.com)

Re: Hijacked Network Ranges

2012-02-06 Thread Mark Tinka
On Monday, February 06, 2012 03:06:24 PM Christopher Morrow wrote: > do you have customers with 10k long prefix lists? it gets > hard when the lists get long, or the data is for > downstream folks of your customer. Good that someone's > checking though, I'd love to see this part automated. No, w

Re: Hijacked Network Ranges

2012-02-05 Thread Michael Hallgren
On Sunday, 05 February 2012 at 22:41 -0800, goe...@anime.net wrote: > On Mon, 6 Feb 2012, Christopher Morrow wrote: > > why aren't filters applied at all? > > filters don't generate revenue. ... but at times, they prevent loss of... ... mh > > -Dan >

Re: Hijacked Network Ranges

2012-02-05 Thread Christopher Morrow
On Mon, Feb 6, 2012 at 1:35 AM, Mark Tinka wrote: > On Monday, February 06, 2012 01:14:20 PM Christopher Morrow > We manually check the RIR WHOIS database. I'm sure some do you have customers with 10k long prefix lists? it gets hard when the lists get long, or the data is for downstream folks of

Re: Hijacked Network Ranges

2012-02-05 Thread Mark Tinka
On Monday, February 06, 2012 02:41:53 PM goe...@anime.net wrote: > filters don't generate revenue. Neither does traffic - that does generate revenue - not reaching your customer. Mark.

RE: Hijacked Network Ranges

2012-02-05 Thread George Bonser
> To: Christopher Morrow > Cc: nanog@nanog.org > Subject: Re: Hijacked Network Ranges > > On Mon, 6 Feb 2012, Christopher Morrow wrote: > > why aren't filters applied at all? > > filters don't generate revenue. > > -Dan Don't agree with the i

Re: Hijacked Network Ranges

2012-02-05 Thread goemon
On Mon, 6 Feb 2012, Christopher Morrow wrote: why aren't filters applied at all? filters don't generate revenue. -Dan

Re: Hijacked Network Ranges

2012-02-05 Thread Mark Tinka
On Monday, February 06, 2012 01:14:20 PM Christopher Morrow wrote: > o not having filters at all (pccw/pktel) Well, we know what this leads to (part of the reasons you find some eBGP sessions carrying /25's or longer + RFC 1918 space is because of this). > o filtering using old/stale data

Re: Hijacked Network Ranges

2012-02-05 Thread Christopher Morrow
On Mon, Feb 6, 2012 at 12:07 AM, Mark Tinka wrote: > It's 2012, we really shouldn't be seeing this type of thing > anymore, particularly after what happened in Pakistan. s/pakistan/pakistan,nyc(ntt),minneapolis(ntt),level3's incidents, .../ there's lots of people that have fallen victim of: o

Re: Hijacked Network Ranges

2012-02-05 Thread Mark Tinka
On Monday, February 06, 2012 12:26:51 PM Suresh Ramasubramanian wrote: > I had this happen to me in 2008 - > http://www.gossamer-threads.com/lists/nanog/users/110097 > Total pain in the ass when it does happen. Funnily > enough in that case it was another downstream of the > same ISP who was pul

Re: Hijacked Network Ranges

2012-02-05 Thread Mark Tinka
On Wednesday, February 01, 2012 12:10:32 PM George Bonser wrote: > Customer relationship with Kelvin's firm terminated and > they contracted for service elsewhere but are apparently > attempting to maintain the use of the address > allocation(s) they received from Kelvin's firm. They > apparentl

Re: Hijacked Network Ranges

2012-02-05 Thread Suresh Ramasubramanian
I had this happen to me in 2008 - http://www.gossamer-threads.com/lists/nanog/users/110097 Total pain in the ass when it does happen. Funnily enough in that case it was another downstream of the same ISP who was pulling this stunt .. --srs On Mon, Feb 6, 2012 at 9:49 AM, Mark Tinka wrote: > > >

Re: Hijacked Network Ranges

2012-02-05 Thread Mark Tinka
On Wednesday, February 01, 2012 02:57:46 AM Tony McCrory wrote: > Surely something is better than nothing. Advertise the > /24's and the /25's, see what happens. The fact that the hijacking ISP's upstreams accepted routes through their network that didn't belong to that ISP is bad enough. Th

Re: Hijacked Network Ranges

2012-01-31 Thread Ricky Beam
On Tue, 31 Jan 2012 13:32:35 -0500, Chuck Church wrote: Shouldn't a forged LOA be justification to contact law enforcement? It is, but if you want anything done about it before the polar ice caps melt, you'll seek other paths as well. a) law enforcement doesn't understand the problem. and

RE: Hijacked Network Ranges

2012-01-31 Thread George Bonser
> -Original Message- > From: John Schneider > Sent: Tuesday, January 31, 2012 5:34 PM > To: Kelvin Williams > Subject: Re: Hijacked Network Ranges > > Another interesting thing that I noticed, is that AS33611 is not > advertising any prefixes other than yours.

Re: Hijacked Network Ranges

2012-01-31 Thread John Schneider
Another interesting thing that I noticed, is that AS33611 is not advertising any prefixes other than yours. Either they do not have any of their own (unlikely) or they are advertising their own legitimate prefixes from another AS however I doubt that is the case. It sounds like you were able to v

Re: Hijacked Network Ranges

2012-01-31 Thread Andrew Fried
The interesting thing is that I'm not seeing any new "hosts" from those subnets in passive dns. It almost seems that their purpose for hijacking the space was to direct traffic to themselves, possibly for collecting login attempts. Andrew Fried andrew.fr...@gmail.com On 1/31/12 1:00 PM, Kelvin W

RE: Hijacked Network Ranges - paging Cogent and GBLX/L3

2012-01-31 Thread Manish Karir
&view=all&count=1000 http://bgptables.merit.edu/prefix.php?z=&z=&prefixcw=68.66.112.0/20&view=all&count=1000 Hope that helps. -manish > Message: 7 > Date: Tue, 31 Jan 2012 22:06:03 +0200 > From: Ido Szargel > To: "Schiller, Heather A" , Kelvin >

RE: Hijacked Network Ranges - paging Cogent and GBLX/L3

2012-01-31 Thread Eric Tykwinski
174 12189 19181 33611 i -Original Message- From: Ido Szargel [mailto:i...@oasis-tech.net] Sent: Tuesday, January 31, 2012 3:06 PM To: Schiller, Heather A; Kelvin Williams; nanog@nanog.org Subject: RE: Hijacked Network Ranges - paging Cogent and GBLX/L3 I would go at first by advert

RE: Hijacked Network Ranges - paging Cogent and GBLX/L3

2012-01-31 Thread Ido Szargel
I would go at first by advertising your prefixes as a /24 as well, just randomly checked 2 different locations and the as-path to 11325 is shorter than to 33611 This seems to be the case for customers of Tiscali and L3, so this will probably get most of your traffic back to you... Regards, Ido --

RE: Hijacked Network Ranges - paging Cogent and GBLX/L3

2012-01-31 Thread Schiller, Heather A
Sorry -- was looking at the wrong thing. Doh! --heather -Original Message- From: Schiller, Heather A Sent: Tuesday, January 31, 2012 3:05 PM To: 'Keegan Holley' Cc: Kelvin Williams; nanog@nanog.org Subject: RE: Hijacked Network Ranges - paging Cogent and GBLX/L3 Looks

RE: Hijacked Network Ranges - paging Cogent and GBLX/L3

2012-01-31 Thread Schiller, Heather A
Looks fixed now.. --heather -Original Message- From: Keegan Holley [mailto:keegan.hol...@sungard.com] Sent: Tuesday, January 31, 2012 2:50 PM To: Schiller, Heather A Cc: Kelvin Williams; nanog@nanog.org Subject: Re: Hijacked Network Ranges - paging Cogent and GBLX/L3 To be honest I

Re: Hijacked Network Ranges - paging Cogent and GBLX/L3

2012-01-31 Thread Keegan Holley
To be honest I haven't had much success in convincing a tier 1 to modify someone else's routes on my behalf for whatever reason. I also have had limited success in getting them to do anything quickly. I'd first look to modify your advertisements as much as possible to mitigate the issue and then

RE: Hijacked Network Ranges - paging Cogent and GBLX/L3

2012-01-31 Thread Schiller, Heather A
Or roll it up hill: 33611 looks like they get transit from 19181, whose only upstream appears to be 12189. 12189 gets connectivity from 174 and 3549. 174 = Cogent 3549 = GBLX/L3 --Heather -Original Message- From: Kelvin Williams [mailto:kwilli...@altuscgi.com] Sent: Tuesday, J

Re: Hijacked Network Ranges

2012-01-31 Thread John Schneider
If you both announce a /24, the BGP route selection process should begin to return some of the traffic to these prefixes back to your AS. Also, if you begin to advertise your prefixes as /24s and as a result, they try to advertise /25s, I would venture a guess that their /25s would get blocked enti

Re: Hijacked Network Ranges

2012-01-31 Thread Anurag Bhatia
I can routes are wrong for all /24 announcements. Maybe contacting Level3+Telia+AboveNet+Hurricane Electric since all these are upstream providers of AS29791 which is your upstream carrier? I guess they would be able to neutralize effect significantly by filtering those routes? On Wed, Feb 1, 20

Re: Hijacked Network Ranges

2012-01-31 Thread Tony McCrory
Surely something is better than nothing. Advertise the /24's and the /25's, see what happens. At the least it's a step forwards until you get their routes filtered. Tony On 31 January 2012 18:22, Kelvin Williams wrote: > Upstream requirements. Additionally, I don't believe it would do us any

Re: Hijacked Network Ranges

2012-01-31 Thread Kelvin Williams
We are. On Tue, Jan 31, 2012 at 1:32 PM, Chuck Church wrote: > Shouldn't a forged LOA be justification to contact law enforcement? > > Chuck > > -Original Message- > From: Kelvin Williams [mailto:kwilli...@altuscgi.com] > Sent: Tuesday, January 31, 2012 1:01 PM > To: nanog@nanog.org > Su

RE: Hijacked Network Ranges

2012-01-31 Thread Chuck Church
Shouldn't a forged LOA be justification to contact law enforcement? Chuck -Original Message- From: Kelvin Williams [mailto:kwilli...@altuscgi.com] Sent: Tuesday, January 31, 2012 1:01 PM To: nanog@nanog.org Subject: Hijacked Network Ranges Greetings all. We've been in a 12+ hour orde

Re: Hijacked Network Ranges

2012-01-31 Thread Jonathan Lassoff
On Tue, Jan 31, 2012 at 10:00 AM, Kelvin Williams wrote: > We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek Internet > Exchange) immediately filter out network blocks that are being advertised > by AS33611 (SBJ Media, LLC) who provided to them a forged LOA. > > [ ...snip...] U

Re: Hijacked Network Ranges

2012-01-31 Thread Jonathan Lassoff
On Tue, Jan 31, 2012 at 10:19 AM, Grant Ridder wrote: > Hi, > > What is keeping you from advertising a more specific route (i.e /25's)? Most large transits and NSPs filter out prefixes more specific than a /24. Conventionally, at least in my experience, /24's are the most-specific prefix you can

Re: Hijacked Network Ranges

2012-01-31 Thread Keegan Holley
2012/1/31 Justin M. Streiner > On Tue, 31 Jan 2012, Grant Ridder wrote: > > What is keeping you from advertising a more specific route (i.e /25's)? >> > > Many providers filter out anything longer (smaller) than /24. > Some will accept it but not propagate it upstream. This may be useful in re

Re: Hijacked Network Ranges

2012-01-31 Thread Kelvin Williams
Upstream requirements. Additionally, I don't believe it would do us any good. If they're announcing /24 now, why would they not announce a /25. On Jan 31, 2012 1:19 PM, "Grant Ridder" wrote: > Hi, > > What is keeping you from advertising a more specific route (i.e /25's)? > > -Grant > > On Tue, J

Re: Hijacked Network Ranges

2012-01-31 Thread Keegan Holley
You can break your blocks into /24's or smaller and readvertise them to your upstreams. You can also modify local preference using community tags with most upstreams. If you have tier 1 peerings you may be able to get them to filter the bad routes if you can prove they were assigned to you by ARI

Re: Hijacked Network Ranges

2012-01-31 Thread PC
Many/most transit providers filter prefixes longer than /24, so the effectiveness may be minimal. At the very least I'd advertise /24s yourself because if the forger is geographically further away, some local sites may still work. Better than nothing. On Tue, Jan 31, 2012 at 11:19 AM, Grant Ri

Re: Hijacked Network Ranges

2012-01-31 Thread Justin M. Streiner
On Tue, 31 Jan 2012, Grant Ridder wrote: What is keeping you from advertising a more specific route (i.e /25's)? Many providers filter out anything longer (smaller) than /24. jms On Tue, Jan 31, 2012 at 12:00 PM, Kelvin Williams wrote: Greetings all. We've been in a 12+ hour ordeal reque

Re: Hijacked Network Ranges

2012-01-31 Thread Grant Ridder
Hi, What is keeping you from advertising a more specific route (i.e /25's)? -Grant On Tue, Jan 31, 2012 at 12:00 PM, Kelvin Williams wrote: > Greetings all. > > We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek Internet > Exchange) immediately filter out network blocks that are