Re: How to find all of an ISP's ASNs

[Curtis Doty]

On Tue, Oct 25, 2016 at 9:03 PM, Hank Nussbacher 
wrote:

> and if that doesn't work try:
> http://bgp.he.net/AS3356#_graph4
> [replace the ASN with the ASN of your choice to see the interconnections.]
>

​Doesn't always work--as it will only show upstream ASNs.

For example, Comcast's backbone AS interconnects their regional ASNs.
However, the regionals don't show up on http://bgp.he.net/AS7922#_graph4 so
you'd need to find all of them first...with something like
http://bgp.he.net/search?search[search]=Comcast and/or consult your
favorite route server.

Also Gary, keep in mind these aren't static. I.e. new AS are added/removed
over time. And inferred policy (i.e. hub/spoke) could change too.

But I'm still curious...how to you propose to filter by AS?

And what if your neighbor (inside one of those permitted AS) is
compromised? You've just re-exposed your IoT devices' soft white underbelly
again. :-(

../C
​

Re: BGPMON Alert Questions

[Curtis Doty]

On Wed, Apr 2, 2014 at 1:24 PM, Blake Dunlap iki...@gmail.com wrote:

 Is this malicious or did someone redistribute all of bgp with bad upstream
 filtering?



They perfectly re-advertized all mine. Loos like a huge mistake. And still
ongoing.

Although this was nice to see:


RPKI Validation Failed (Code: 9)

Your prefix:  199.47.80.0/21:
Prefix Description:   NET-199-47-80-0-1
Update time:  2014-04-02 20:29 (UTC)
Detected by #peers:   1
Detected prefix:  199.47.80.0/21
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
Provider,ID)
Upstream AS:  AS4651 (THAI-GATEWAY The Communications Authority of
Thailand(CAT),TH)
ASpath:   18356 38794 4651 4761
RPKI Status:  ROA validation failed: Invalid Origin ASN, expected
46851

Albeit ineffective.

../C

Re: BGP multihoming with two address spaces

[Curtis Doty]

According to telnet://route-server.twtelecom.net and
http://lookingglass.level3.net/bgp/lg_bgp_main.php BGP is working as
designed. Your single prepend on one prefix with TWTC causes a slight
preference for LVL3. Add another prepend if you want to further balance
your ingress load away from TWTC.

Or for more coarse adjustment, use the TWTC feature communities to reduce
their local preference below that of customer default (115 for TWTC). Use
4323:100 for transit default.

../C



On Wed, Jan 29, 2014 at 3:32 AM, Joseph Jenkins
j...@breathe-underwater.comwrote:

 I am seeking some feedback/help with my BGP configuration.  I am peering
 with two providers level3 and tw.  Unfortunately all of my address spaces
 are preferring the route over tw rather than level3.  I have tried
 Prepending my AS and the carriers AS to the path on the tw side and I see
 those update being accepted by internet routers, but everyone is still
 preferring to install the tw routes rather than level3.  I was trying to
 advertise each provider's address space out their connections and then use
 the other for backup.  Now however everything is coming in through tw and
 no one seems to like level3.


 Thanks in advance for any guidance or assistance.

 Joe

Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds

[Curtis Doty]

On Thu, Jan 16, 2014 at 11:04 AM, John Levine jo...@iecc.com wrote:

 If you're a tiny little network, you can
 use the public DNS servers for the BL lookups, and you can
 FTP the text version of DROP and turn in into firewall
 rules or whatever.  That's what I do (hack perl scripts
 available on request.)


Here's working Bash script to sync the freely available DROP/EDROP lists
into a quagga/linux route server. https://gist.github.com/dotysan/8463112

I ran that awhile back without issue. But not anymore. Last year I added
the $250/yr BOTNETCC list which is BGP-only. And it was too convenient to
move the DROP/EDROP lists into BGP for an additional $250.

It works as advertized. The BOTNETCC list is only v4/32s and more dynamic
than the other lists. It's up to you to set it up correctly so an accident
doesn't blackhole your own prefixes...or favorite offshore gambling site.
:-p

../C