[EMAIL PROTECTED] wrote:
> Do malicious BGP tables mess up just *your* domains or all domains/routers on
> 'Net? If just *your* router then BGP is *not* a threat to *entire*
> Net.

BGP tables propagate out as far as they can go.

> I'm skeptical malicious BGP tables could mess up all domains cuz by
> now someone would have done this & it hasn't happened!

router bgp {my numbers}
 bgp log-neighbor-changes
 network 64.162.99.0 mask 255.255.255.0
 network 64.164.164.0 mask 255.255.255.0
 network 209.79.28.0 mask 255.255.254.0
 neighbor 64.160.139.X remote-as {their numbers}
 neighbor 64.160.139.X description ** Peer with SBC **
 neighbor 64.160.139.X version 4
 neighbor 64.160.139.X soft-reconfiguration inbound
 neighbor 64.160.139.X password 7 {you don't get this}
 neighbor 64.160.139.X filter-list 2 out
 no auto-summary

This configuration shows that I actively advertise 64.162.99.0/24,
64.164.164.0/24, and 209.79.28.0/23 for a total of about 1024 IP
addresses (not all of them usable). Imagine if I began advertising, say,
24.0.0.0/8 (around 16777216 addresses)? Everyone on a cable modem
would suddenly find their packets routed through a half-channel DS3 in
Irvine. Traffic would grind to a halt as the DS3 would saturate both up
and down in a matter of minutes. Imagine if I did the same for most of
the major residential ISPs in the country.

On the other hand, fortunately most ISPs are on top of this, so the
damage would be rectified rather quickly as they'd simply change my
peering to read-only, drop the bad route, and perhaps even shut off my
circuit if the damage was bad enough. I'd also get seven phone calls in
the span of 10 minutes telling me I seriously screwed the pooch with my
routing tables. This doesn't even count the snarling from angry
customers wondering why their systems are inaccessible ...

Anyhow, back to work for me.
-kelsey
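
An inbound prefix check of the kind an upstream can apply to a customer session so that an announcement like the 24.0.0.0/8 one described above is dropped before it propagates, as an added example that is not part of the original post. It assumes the upstream keeps a per-customer list of authorized prefixes (here the three from the posted config) and a /24 maximum length; the function names and the sample update are constructed for illustration.

```python
import ipaddress

# Prefixes the poster's config originates (taken from the post).
AUTHORIZED = [ipaddress.ip_network(p) for p in (
    "64.162.99.0/24", "64.164.164.0/24", "209.79.28.0/23")]
MAX_PREFIX_LEN = 24  # assumed policy: nothing more specific than /24


def address_count(prefixes):
    """Total addresses covered by a list of non-overlapping prefixes."""
    return sum(ipaddress.ip_network(p).num_addresses for p in prefixes)


def check_announcement(prefix, authorized=AUTHORIZED, max_len=MAX_PREFIX_LEN):
    """Return (accepted, reason) for one announced IPv4 prefix."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"
    if net.prefixlen > max_len:
        return False, f"longer than /{max_len}"
    for allowed in authorized:
        # Accept only the authorized block or a piece of it. A covering
        # supernet (a shorter prefix that contains it) does not match.
        if net.version == allowed.version and net.subnet_of(allowed):
            return True, f"within {allowed}"
    return False, "not covered by any authorized prefix"


def filter_update(prefixes):
    """Split one update into accepted and rejected (prefix, reason) pairs."""
    accepted, rejected = [], []
    for p in prefixes:
        ok, reason = check_announcement(p)
        (accepted if ok else rejected).append((p, reason))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample update: two legitimate routes, the /8 from the
    # post, a covering supernet, and an over-specific /25.
    update = ["64.162.99.0/24", "209.79.28.0/23", "24.0.0.0/8",
              "64.162.0.0/16", "64.164.164.128/25"]
    accepted, rejected = filter_update(update)
    for p, why in accepted:
        print(f"accept {p:20} {why}")
    for p, why in rejected:
        print(f"reject {p:20} {why}")
    print("authorized addresses:", address_count(AUTHORIZED))
```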