On Thu, 9 Nov 2006, Josh Karlin wrote:
Read Joe's PPT. All explained there.
Hank Nussbacher
http://www.interall.co.il
Wouldn't they want to hijack more specifics to spam? I doubt much of
that space is going to correctly route for spamming purposes.
"Centralised switching guarantees QOS!" Keep saying it and it might be true!
On 11/9/06, Sean Donelan <[EMAIL PROTECTED]> wrote:
On Tue, 7 Nov 2006, Chris L. Morrow wrote:
>> Working with 2 other carriers on a similar issue, response I rec'd was
>> congestion due to automated political dialers
BGP Update Report
Interval: 27-Oct-06 -to- 05-Nov-06 (10 days)
Observation Point: BGP Peering with AS4637
TOP 20 Unstable Origin AS
Rank ASNUpds % Upds/PfxAS-Name
1 - AS13156 17582 2.2% 279.1 -- AS13156 Cabovisao,SA
2 - AS337839110 1.2%
This report has been generated at Fri Nov 10 21:40:01 2006 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table Hist
the preso link is below, you didnt read it yet.. :)
you can hijack any address space providing your route is preferred either
because it is more specific, less specific, shorter as-path..
Steve
On Thu, Nov 09, 2006 at 10:59:20PM -0700, Josh Karlin wrote:
>
> Wouldn't they want to hijack more
On Fri, Nov 10, 2006 at 01:25:05AM -0500, Robert Boyle wrote:
> At 06:58 PM 11/9/2006, you wrote:
> >automatic systems are fine if you decide you want to do them, i was
> >specifically responding to the author who suggested he would build
> >the filters himself, my point was that this seemingly
> > The craziest stuff that gets announced isnt in the
> > reserved/unallocated realm anyway so the effort seems to be
> > disproportional to the benefits... and most issues I read about with
> > reserved space is packets coming FROM them not TO them
>
> Steve's 100% spot-on here. I don't ha
> My question to the community is,
> what kind of misconfiguration could cause this set of prefixes to be
> announced?
> 11.0.0.0/8
> 12.0.0.0/7
> 121.0.0.0/8
> 122.0.0.0/7
> 124.0.0.0/7
> 126.0.0.0/8
> 128.0.0.0/3
etc ...
This looks to me like some large multinational leaked
their internal an
On Fri, 10 Nov 2006, [EMAIL PROTECTED] wrote:
>
> If there were some way to have a feed of real bogons,
> i.e. address prefixes that are *KNOWN* to be bogus at
> the point in time they are in the feed, that would be
> useful for filtering. And it would likely be a best practice
> to use such a fee
> WRT acls, I would suggest any acl is a bad idea and only a dynamic
> system such as rpf should be used, this is because manual filters
> that deny bogons has the same issue as BGP filtering in that it can
> go stale and you drop newly allocated space.
Your comment implies that ACLs are stat
> > If there were some way to have a feed of real bogons,
> > i.e. address prefixes that are *KNOWN* to be bogus at
> > the point in time they are in the feed, that would be
> > useful for filtering. And it would likely be a best practice
> > to use such a feed.
> >
> > But at the present time, su
On Fri, Nov 10, 2006 at 01:18:02PM +, [EMAIL PROTECTED] wrote:
>
> > WRT acls, I would suggest any acl is a bad idea and only a dynamic
> > system such as rpf should be used, this is because manual filters
> > that deny bogons has the same issue as BGP filtering in that it can
> > go stale
On Fri, Nov 10, 2006 at 12:54:28PM +, [EMAIL PROTECTED] wrote:
>
> > > The craziest stuff that gets announced isnt in the
> > > reserved/unallocated realm anyway so the effort seems to be
> > > disproportional to the benefits... and most issues I read about with
> > > reserved space is packet
> how about PORN-SOURCE, COMMUNIST-SOURCE, DEMOCRACY-SOURCE,
> TERRORIST-SOURCE, RIGHT-WING-CHRISTIAN-SOURCE,
COURT-ISSUED-LIBEL-CASE-SOURCE
>
> be careful before you open such a pandoras box...
The box was opened a long time ago. In an Internet
context, there are many email blacklists which
Charlie said:
> I would be interested in comparing notes with anybody else
> affected by the issue - or if anybody has heard an actual
> explanation from Sprint/L3.
Things started to clear up for us at around 1443 Central, so it wasn't
too long after I posted my original inquiry to the list. B
> Wouldn't they want to hijack more specifics to spam?
no. see nick feamster's work, and the lightning talk i proxied
for him in dallas.
randy
> Wouldn't they want to hijack more specifics to spam?
no. see nick feamster's work, and the lightning talk i proxied
for him in dallas.
randy
Right, you might want to announce less specifics so that you go
unnoticed and then you can spam from blocks not in use. I'm just
somewhat surprised
On Fri, Nov 10, 2006 at 05:55:40AM -1000, Randy Bush wrote:
>
> > Wouldn't they want to hijack more specifics to spam?
>
> no. see nick feamster's work, and the lightning talk i proxied
> for him in dallas.
Here are the links from our observations on this, from our Feb NANOG talk:
http://www.n
On Fri, Nov 10, 2006 at 11:01:02AM +, [EMAIL PROTECTED] wrote:
>
> the preso link is below, you didnt read it yet.. :)
>
> you can hijack any address space providing your route is preferred either
> because it is more specific, less specific, shorter as-path..
Slides 13-15 of our Feb 2006
On Fri, Nov 10, 2006 at 07:20:10AM +0200, Hank Nussbacher wrote:
> AS29449 is not the problem. It is the upstreams of AS5602 (KPNQwest
> Italia) and AS286 (KPN) that let this crap leak.
In fact, it may not even be the immediate upstreams. In our paper, we
describe specific examples where it's
cidr-report writes:
> Recent Table History
> Date PrefixesCIDR Agg
> 03-11-06199409 129843
[...]
> 10-11-06 134555024 129854
Growth of the "global routing table" really picked up pace this week!
(But maybe I'm just hallucinating for having heard th
Indeed -- it apears to have flaked out a bit this (IETF) week. :-)
Date PrefixesCIDR Aggregated
04-11-06 199323 129829
05-11-06 199330 129854
06-11-06 199273 129854
07-11-06 -1077937252 129854
08-11-06
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to [EMAIL PROTECTED]
For historical data, please see http://thyme.apnic.net.
If you have any comments please contact Philip Smith <[EMAIL PROTECTED
Any Charter.net mail admins around? I'd love to hear from one.
Regards,
Steve
> I'm just somewhat surprised that they would announce /3's, /6's,
> and /7's and be so incredibly obvious about it
if it was incredibly obvious, why did it take us so long to see it?
and no, please let's not all have a "i saw it first" contest.
randy
S. Ryan wrote:
Any Charter.net mail admins around? I'd love to hear from one.
Regards,
Steve
I got some contacts there that I had to use when there mail servers were
not accepting mail. Hold on let me dig them up, I think they're on my
laptop. I'll follow up with you in ~20 - 40 minutes.
Steve,
February 4-7?
That would be Sunday through Wednesday... is this correct?
Did I miss something at the last NANOG meeting? :-)
Thanks,
- ferg
-- Steve Feldman <[EMAIL PROTECTED]> wrote:
The North American Network Operators' Group (NANOG) will hold its
39th meeting February 4-7, 2007,
It's the new "normal" Monday-Wednesday schedule, with a newcomers
reception and community meeting Sunday afternoon.
We started doing that at the winter meeting, but couldn't in
St. Louis due to ARIN's schedule.
Steve
On Nov 11, 2006, at 6:49 AM, Fergie wrote:
Steve,
February 4-7?
T
28 matches
Mail list logo
