Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates

2008-02-26 Thread Patrick W. Gilmore


On Feb 25, 2008, at 11:40 AM, [EMAIL PROTECTED] wrote:
>> I've only dealt with a handful of the bigger networks, but every transit
>> BGP session I've ever been the customer role on has been filtered by the
>> provider.  From memory and in no particular order, that's UUNet, Level3,
>> Digex, Intermedia, Global Crossing, Genuity, Sprint, Above.net, Time
>> Warner, C&W, MCI, XO, Broadwing, and a few smaller ones nobody's likely to
>> have heard of.
>
> There's at least one reasonably big transit provider that does *not*
> do prefix filtering: TeliaSonera (AS 1299). They *do* perform as-path
> filtering, but the effectiveness is disputable...


No, the effectiveness is not disputable.  It is guaranteed to be
sub-optimal.  This is not in doubt or question.


See, as has been quoted many times, as7007.

--
TTFN,
patrick



Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates

2008-02-25 Thread sthaug

> I've only dealt with a handful of the bigger networks, but every transit 
> BGP session I've ever been the customer role on has been filtered by the 
> provider.  From memory and in no particular order, that's UUNet, Level3, 
> Digex, Intermedia, Global Crossing, Genuity, Sprint, Above.net, Time 
> Warner, C&W, MCI, XO, Broadwing, and a few smaller ones nobody's likely to 
> have heard of.

There's at least one reasonably big transit provider that does *not*
do prefix filtering: TeliaSonera (AS 1299). They *do* perform as-path
filtering, but the effectiveness is disputable...

> As an ISP providing transit, all of our customers get prefix-filtered.

Same here.

Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]


Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking)

2008-02-25 Thread Ross Vandegrift

On Mon, Feb 25, 2008 at 09:28:47AM -0500, Jon Lewis wrote:
> I've only dealt with a handful of the bigger networks, but every transit 
> BGP session I've ever been the customer role on has been filtered by the 
> provider.  From memory and in no particular order, that's UUNet, Level3, 
> Digex, Intermedia, Global Crossing, Genuity, Sprint, Above.net, Time 
> Warner, C&W, MCI, XO, Broadwing, and a few smaller ones nobody's likely to 
> have heard of.

We take transit from some of these providers, and we have a slightly
different experience.  While it's not quite a free-for-all, some have
implemented a limit on the number of announced prefixes without any
restriction to specific space.

We found this out after AboveNet dampened us for announcing too many
routes.  No one there could ever produce any substantial evidence of
that, or provide us a single example of one of these routes - but we
were told it was strictly the number of prefixes that mattered.

I know that I provide newly assigned prefixes to our providers, which
includes PCCW.  If those make it into a prefix-list at PCCW though,
I don't really know for sure.

-- 
Ross Vandegrift
[EMAIL PROTECTED]

"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37


Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking)

2008-02-25 Thread Jon Lewis


On Mon, 25 Feb 2008, Hank Nussbacher wrote:

>> For us who actually have customers we care about, we probably find it
>> better for business to try to make sure our own customers can't announce
>> prefixes they don't own, but accept basically anything from the world that
>> isn't ours.
>
> You are a distinct minority.  My experience has shown that most ISPs don't
> give a sh*t about filtering what their customers can announce so what has
> happened, will continue to happen.


I've only dealt with a handful of the bigger networks, but every transit 
BGP session I've ever been the customer role on has been filtered by the 
provider.  From memory and in no particular order, that's UUNet, Level3, 
Digex, Intermedia, Global Crossing, Genuity, Sprint, Above.net, Time 
Warner, C&W, MCI, XO, Broadwing, and a few smaller ones nobody's likely to 
have heard of.


As an ISP providing transit, all of our customers get prefix-filtered.

--
 Jon Lewis   |  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_


Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking)

2008-02-24 Thread Hank Nussbacher


At 12:13 AM 25-02-08 +0100, Mikael Abrahamsson wrote:

> For us who actually have customers we care about, we probably find it
> better for business to try to make sure our own customers can't announce
> prefixes they don't own, but accept basically anything from the world that
> isn't ours.


You are a distinct minority.  My experience has shown that most ISPs don't 
give a sh*t about filtering what their customers can announce so what has 
happened, will continue to happen.


-Hank




Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking)

2008-02-24 Thread Justin Shore


Jeroen Massar wrote:

> * PHAS: A Prefix Hijack Alert System
>   http://irl.cs.ucla.edu/papers/originChange.pdf
>   (A live/direct BGP-feed version of this would be neat)


Does PHAS still work?  I tried to submit a request to subscribe a few 
weeks ago and never heard back from their automated system.  I figured 
the project was terminated but the site was still up.


Justin


Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking)

2008-02-24 Thread Mikael Abrahamsson


On Sun, 24 Feb 2008, Jeroen Massar wrote:


> * Routing Registry checking, as per the above two
>   rr.arin.net & whois.ripe.net contains all the data you need
>   Networks who are not in there are simply not important enough to
>   exist on the internet as clearly those ops folks don't care about
>   their network...


For us who actually have customers we care about, we probably find it 
better for business to try to make sure our own customers can't announce 
prefixes they don't own, but accept basically anything from the world that 
isn't ours.


Using pure RR based filtering just isn't cost efficient today, as these 
borks (unintentional mostly) we see sometimes are few and fairly far 
between, but problems due to wrong or missing information in the RRs are
plentiful and constant.


--
Mikael Abrahamsson    email: [EMAIL PROTECTED]


ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking)

2008-02-24 Thread Jeroen Massar

First the operational portion:

For all the affected network owners, please read and start 
using/implement one of the following excellent ideas:


* Pretty Good BGP and the Internet Alert Registry
  http://www.nanog.org/mtg-0606/pdf/josh-karlin.pdf

* PHAS: A Prefix Hijack Alert System
  http://irl.cs.ucla.edu/papers/originChange.pdf
  (A live/direct BGP-feed version of this would be neat)

* Routing Registry checking, as per the above two
  rr.arin.net & whois.ripe.net contains all the data you need
  Networks who are not in there are simply not important enough to
  exist on the internet as clearly those ops folks don't care about
  their network...

Of course there is also (S-)BGP(-S), but that will apparently never 
happen, and actually, with a system like PGBGP or PHAS one already
covers quite a bit of the issue, until a real hijacker just uses the 
original ASN. IRR data helps there partially though as it tends to have 
upstream/downstream information, but it doesn't cover all cases.



For the rest google(bgp monitor hijack) for a list of other things.

Now for the silliness



Max Tulyev wrote:


> I think it was NOT a typo. This was a test, much more important test for
> this world than last american anti-satellite missile.
>
> And if they do it again with more mind, site will became down for a
> weeks at least... More of that, if big national telecom operator did it
> and have neighbors to filter them out - it can lead to global split of
> the network.
>
> Of course, it should be happened early or late with THIS design of the
> Network.


Oh boy oh boy, I just have to comment on this :)

Wow, somebody with an email address like yours, especially the president 
and the .su bit are amusing, is commenting on another country doing 
'tests'!? You might actually try keeping your bombers closer to the 
shores instead of trying to play chicken with the USS Nimitz :)


http://www.upi.com/NewsTrack/Top_News/2008/02/11/russian_bomber_buzzes_nimitz/5914/

In Soviet Russia the Internet hijacks you?

Please folks, keep the posts operational :)



Greets,
 Jeroen
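
An added illustration of the three controls debated in this thread (provider-side as-path filtering, provider-side IRR-based prefix filtering, and origin-change alerting), not code from any of the posters or from PGBGP/PHAS. The ASNs, prefixes, route-object table and function names are constructed for the example, and the origin check compares against an expected-origin table rather than a live BGP feed.

```python
import ipaddress

# Constructed sample data: documentation prefixes and ASNs, not real registry content.
CUSTOMER_AS_SET = {64500, 64501}      # hypothetical customer AS plus one downstream
IRR_ROUTES = {                        # route objects: prefix -> registered origin AS
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "203.0.113.0/24": 64510,          # registered to an unrelated network
}

def as_path_filter(as_path):
    """Provider-side as-path filter: every AS in the path must be in the customer's as-set."""
    return all(asn in CUSTOMER_AS_SET for asn in as_path)

def prefix_filter(prefix, as_path):
    """Provider-side prefix filter built from IRR: the prefix must fall inside a route
    object whose origin is in the customer's as-set, and the path must end at that origin."""
    net = ipaddress.ip_network(prefix)
    for registered, origin in IRR_ROUTES.items():
        if origin not in CUSTOMER_AS_SET:
            continue
        if net.subnet_of(ipaddress.ip_network(registered)) and net.prefixlen <= 24:
            return as_path[-1] == origin
    return False

def origin_alert(prefix, as_path):
    """Monitoring-side check: alert when the announced origin differs from the expected one."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(ipaddress.ip_network(reg)) and as_path[-1] != origin
               for reg, origin in IRR_ROUTES.items())

# Constructed announcements as received on the customer session: (prefix, AS path).
UPDATES = [
    ("192.0.2.0/24", [64500]),             # customer's own registered prefix
    ("198.51.100.0/24", [64500, 64501]),   # downstream's registered prefix
    ("203.0.113.0/24", [64500]),           # leak: someone else's prefix, customer as origin
    ("203.0.113.0/24", [64500, 64510]),    # path ends in the registered origin AS
]

def evaluate(updates):
    """Return (prefix, path, as-path verdict, prefix verdict, origin alert) per update."""
    return [(p, path, as_path_filter(path), prefix_filter(p, path), origin_alert(p, path))
            for p, path in updates]

if __name__ == "__main__":
    for row in evaluate(UPDATES):
        print(row)
```

The third update passes the as-path filter but is rejected by the prefix filter and raises an origin alert; the fourth raises no origin alert, so only the provider-side filters stop it.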


