Re: Tracking spoofed routes?
Kevin, I am seeking avenues to investigate a possible case of IP address spoofing. I've recently received complaints which suggest that in the recent past (but not right now), somebody may have announced a more specific prefix, effectively hijacking unused address space within our allocated range. As it happens, the address space is not unused, just not visible on the public Internet. I am aware of route reflectors and other options to manually review what prefixes are currently announced, but have not been able to find a *searchable* archive of historical data, either overall BGP tables or just unusual announcements. The closest thing I've found so far is Route Views (http://www.routeviews.org/), however there is no obvious way to search the (huge) archived data files for substring matches? We're involved in trying to build database front ends for the data so you can do just this sort of thing. But right now, we're a little stuck. One thing you might try is using BGPlay to watch what happens to your prefix. Alternately, are there any existing mechanisms for monitoring route announcements which can provide near real-time alerting when any prefixes within specific subnet ranges are announced? Not that I know of. You can log into route-views.routeviews.org and use the cli to watch it, but that is a manual process. Hope this helps, Dave
AW: Tracking spoofed routes?
-Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von David Meyer Gesendet: Mittwoch, 05. Jänner 2005 16:06 An: Kevin Cc: nanog@merit.edu; [EMAIL PROTECTED] Betreff: Re: Tracking spoofed routes? Alternately, are there any existing mechanisms for monitoring route announcements which can provide near real-time alerting when any prefixes within specific subnet ranges are announced? Not that I know of. You can log into route-views.routeviews.org and use the cli to watch it, but that is a manual process. Hope this helps, Dave To my knowledge, the myas-tool/-service from RIPE NCC is kind of doing what you like to achive. Florian
Re: Smallest Transit MTU
On Wed, Dec 29, 2004 at 05:04:11PM -0500, Joe Abley wrote: On 29 Dec 2004, at 16:33, Tony Rall wrote: But that only affects tcp traffic - it does nothing to help other protocols. Are there any common examples of the DF bit being set on non-TCP packets? [EMAIL PROTECTED] sabri]# host -t ns verisign.com 192.5.6.30 Using domain server 192.5.6.30: verisign.com name server bay-w1-inf5.verisign.net [EMAIL PROTECTED] root]# tcpdump -Xn host 192.5.6.30 tcpdump: listening on fxp0 17:37:53.124955 217.69.153.39.55058 192.5.6.30.53: 58565+ NS? verisign.com. (30) 0x 4500 003a 5f10 4011 e312 d945 9927E..:[EMAIL PROTECTED]' 0x0010 c005 061e d712 0035 0026 8ac9 e4c5 0100...5... 0x0020 0001 0876 6572 6973 6967.verisig 0x0030 6e03 636f 6d00 0002 0001 n.com. 17:37:53.216656 192.5.6.30.53 217.69.153.39.55058: 58565- 3/0/3 NS[|domain] (DF) 0x 4500 00ca 4000 3111 1093 c005 061e[EMAIL PROTECTED] 0x0010 d945 9927 0035 d712 00b6 1b79 e4c5 8100.E.'.5.y 0x0020 0001 0003 0003 0876 6572 6973 6967.verisig 0x0030 6e03 636f 6d00 0002 0001 c00c 0002 0001n.com... 0x0040 0002 a300 001a 0b62 6179 2d77 312d 696e...bay-w1-in 0x0050 6635 f5 Here you go. A root-nameserver setting the DF-bit on its replies :) -- Sabri Berisha, SAB666-RIPE - I route, therefore you are http://www.cluecentral.net - http://www.virt-ix.net http://www.bash.org/?78486
Re: Proposed list charter/AUP change?
Bill Nash wrote: On/off topic is very relevant, since it determines moderator involvement. Many people feel moderation is broken, and topical candidates are an element of it. Seeing post after post from people who feel they've been unfairly sanctioned, or having clueful users appearing on virtual milk cartons is a problem. Fix it. https://lists.bgp4.net/mailman/listinfo/netops
Re: Proposed list charter/AUP change?
On Wed, 5 Jan 2005, Janet Sullivan wrote: Bill Nash wrote: On/off topic is very relevant, since it determines moderator involvement. Many people feel moderation is broken, and topical candidates are an element of it. Seeing post after post from people who feel they've been unfairly sanctioned, or having clueful users appearing on virtual milk cartons is a problem. Fix it. https://lists.bgp4.net/mailman/listinfo/netops This is an excellent point to bring up, and it's good to have alternative forums. But. It's a band-aid, in the short term, and won't do much to 'unalienate' (disalienate?) those who have departed, by choice or otherwise, because of moderator actions. - billn
Re: Proposed list charter/AUP change?
On Wed, 2005-01-05 at 10:56 -0800, Bill Nash wrote: But. It's a band-aid, in the short term, and won't do much to 'unalienate' (disalienate?) those who have departed, by choice or otherwise, because of moderator actions. Perhaps, just perhaps, the best advice for NANOG is *less* moderation, more acceptance of diverse opinions, and even greater self-control. Alternatively having the mailinglist MTA rate-limit posts might not be a bad thing either. -Jim P.
ip swip look up
Any one know of a tool to look up how many IPs are SWIPd to a company. i.e. I would like to know the IPs I have SWIPd with my company name? Thanks in advance! Best Wishes, Blake L. Smith XtremeBandwidth.com, Inc. 949-330-6400 Office 949-606-7100 Fax www.XtremeBandwidth.com
soliciting agenda topics for the sunday night meeting
so far Daniel Golding [EMAIL PROTECTED] has asked for a slot to present a half dozen slides on what he calls a nanog reform proposal, so the agenda for sunday night is: --- intro/overview martin hannigan5 minutes paul vixie (moderators) reform proposaldan golding15 minutes (et al) --- anybody else got anything else? send to martin, myself, both of us, or the nanog@ mailing list if you want to put something on the sunday night agenda. -- paul vixie martin hannigan (moderators)
Re: Proposed list charter/AUP change?
[EMAIL PROTECTED] (Jim Popovitch) writes: Perhaps, just perhaps, the best advice for NANOG is *less* moderation, more acceptance of diverse opinions, and even greater self-control. there's an ideal range of overall volume and debris quotient for any given population. clamp it too low and you shut off creativity. clamp it too high and you lose readers up to and including critical mass. single-ended recommendations like less moderation or more moderation are unlikely to do much good. recommendations like more transparency in moderation and more objectivity/representation in moderation seem, to me, to be more apropos. but then, that's why we're all meeting sunday night in LV NV, right? Alternatively having the mailinglist MTA rate-limit posts might not be a bad thing either. i don't think this would help much, either. stepping on a marble hurts and unbalances you just as much if you step on 100 marbles at once or if you step on one per hour. some kind of feedback/reinforcement loop has been a nec'y component of all useful forums in human history. making it volume dependent can't be good -- there are people i won't read at all and there are others i'll read all day long. so it must be for everybody here. -- Paul Vixie
Re: soliciting agenda topics for the sunday night meeting
is this at the rio? if so which conf. room? i refer of course to http://www.nanog.org/mtg-0501/coordination.html, although there is really only one steve feldman and he does not work for verisign. martin hannigan, missing from the list of speakers/moderators as of this moment, actually does work for verisign. anyway, it's betty's party and so she'll also speak and moderate, but we need a more inclusive agenda than the three points shown at the above url. therefore i shall repeat: | anybody else got anything else? send to martin, myself, both of us, or | the nanog@ mailing list if you want to put something on the sunday night | agenda. except, you can also send to steve feldman (the c|net one not the verisign one) if you'd like something added to the agenda for sunday night. and no, i don't know if it's at the rio or in what conference room. but i'm very sure that there will be signs near the registration area and/or terminal room and/or noc area, so wander around, you're sure to find us.
Re: soliciting agenda topics for the sunday night meeting
i refer of course to http://www.nanog.org/mtg-0501/coordination.html, although there is really only one steve feldman and he does not work for verisign. martin hannigan, missing from the list of speakers/moderators as of this moment, actually does work for verisign. Oopsie - it's fixed now. anyway, it's betty's party and so she'll also speak and moderate, but we need a more inclusive agenda than the three points shown at the above url. therefore i shall repeat: | anybody else got anything else? send to martin, myself, both of us, or | the nanog@ mailing list if you want to put something on the sunday night | agenda. except, you can also send to steve feldman (the c|net one not the verisign one) if you'd like something added to the agenda for sunday night. and no, i don't know if it's at the rio or in what conference room. but i'm very sure that there will be signs near the registration area and/or terminal room and/or noc area, so wander around, you're sure to find us. We will indeed be at the Rio, room TBA.
Re: Proposed list charter/AUP change?
Hannigan, Martin wrote: To me, it's not a productive effort to micro-manage(or MERIT) the list via the FAQ. The FAQ is a traditional and historically acceptable method of answering questions that are bound to come up repeatedly as a primary result of new participants from any source. Micro-managing isn't a good idea, period. Having actual answers available in the FAQ *is* a good idea. -- JustThe.net Internet New Media Services, http://JustThe.net/ Steven J. Sobol, Geek In Charge / 888.480.4NET (4638) / [EMAIL PROTECTED] PGP Key available from your friendly local key server (0xE3AE35ED) Apple Valley, California Nothing scares me anymore. I have three kids.
Re: soliciting agenda topics for the sunday night meeting
except, you can also send to steve feldman (the c|net one not the verisign one) if you'd like something added to the agenda for sunday night. A clarification and disclaimer: my role in this is to give a brief overview of how the program committee reviews and selects talks. So I'll be there partly as a representative of the establishment. (Not that I don't have my own opinions, so I will endeavor to make it clear whether I'm speaking for the pc or for myself.) Paul and Martin, who have no such encumbrances, will be moderating the open discussion part of the meeting. Steve
