On Mon, 17 Mar 2008, Larry J. Blunk wrote:
RFC2827 is about source address filtering which
is not really the same as BGP route announcement
filtering. Unfortunately, I have not come across
any RFC's with a thorough discussion of route
filtering. It is mentioned briefly in RFC 3013,
but secti
On Mon, Mar 17, 2008 at 8:48 PM, Larry J. Blunk <[EMAIL PROTECTED]> wrote:
>RFC2827 is about source address filtering which
> is not really the same as BGP route announcement
> filtering. Unfortunately, I have not come across
Yup, radb etc for that. Not fully awake when I wrote that, and h
Glen Kent wrote:
Do ISPs (PTA, AboveNet, etc) that "unintentionally" hijack someone
else IP address space, ever get penalized in *any* form?
The net only functions as a single entity because sp's intentionally
DONT hijack space and the mutual trust in other sp's rational behavior.
Si
Suresh Ramasubramanian wrote:
On Mon, Mar 17, 2008 at 6:38 PM, Jeff Aitken <[EMAIL PROTECTED]> wrote:
IMHO a better use of our time would be to solve the underlying technical
issue(s). Whether it's soBGP, sBGP, or something else, we need to figure
out how to make one of these proposals w
On Mon, Mar 17, 2008 at 6:38 PM, Jeff Aitken <[EMAIL PROTECTED]> wrote:
> IMHO a better use of our time would be to solve the underlying technical
> issue(s). Whether it's soBGP, sBGP, or something else, we need to figure
> out how to make one of these proposals work and get it implemented.
S
On Mon, Mar 17, 2008 at 03:48:07PM +0530, Glen Kent wrote:
> Do ISPs (PTA, AboveNet, etc) that "unintentionally" hijack someone
> else IP address space, ever get penalized in *any* form?
Not usually. I remember an incident (while working at AboveNet, ironically)
back in 98/99 where 701 "acciden
On Mon, Mar 17, 2008 at 3:48 PM, Glen Kent <[EMAIL PROTECTED]> wrote:
> Do ISPs (PTA, AboveNet, etc) that "unintentionally" hijack someone
> else IP address space, ever get penalized in *any* form? Depending
> upon whom and what they hijack, and who all get affected, it sure can
PTA's ASN actu
On Mon, Mar 17, 2008 at 01:13:04PM +0530, Suresh Ramasubramanian wrote:
> anybody see similar routing loops for those other prefixes that'd make
> it look like 5999 is a blackhole community at abovenet, so this dude
> is seeing what ORBS saw way back when (2000, right) - that is, he had
> abuse is
On Sat, Mar 15, 2008 at 11:57:50AM -0600, Danny McPherson wrote:
> An interesting bit is that the current announcement on routeviews
> directly from AS 6461 has Community 6461:5999 attached:
> ...
> 6461
> 64.125.0.137 from 64.125.0.137 (64.125.0.137)
> Origin IGP, metric 0, localpref
> >
> > Usually unintentional. See Pakistan Telecom for recent example.
>
> Pakistan's blackhole was semi-unintentional, kind of like you tried to
> shoot your spouse but the bullet went through the wall and
> "unintentionally" hit a neighbor.
Do ISPs (PTA, AboveNet, etc) that "unintention
On 17 Mar 2008 04:12:13 +, Paul Vixie <[EMAIL PROTECTED]> wrote:
> i think, at this stage and at this date, that bringing up the ORBS/abovenet
> debacle constitutes a "canard", and should be avoided, for the good of all.
Completely unrelated to l'affaire ORBS of course, but in this more
rec
[EMAIL PROTECTED] (John Payne) writes:
> > I think it was Abovenet that blackholed a /24 of (I want to say MAPS,
> > but that's not right) an anti-spam-RBL sometime pre-1999?
>
> ORBS, and the only reason it became such a big deal was that Abovenet was
> the upstream of ORBS' upstream. And that
On March 16, 2008 at 06:25 [EMAIL PROTECTED] (Paul Ferguson) wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> - -- "Glen Kent" <[EMAIL PROTECTED]> wrote:
>
> >If its done intentionally then it would only make sense if theres a
> >DOS attack coming from that address block,
On Mar 16, 2008, at 2:36 AM, Christopher Morrow wrote:
I think it was Abovenet that blackholed a /24 of (I want to say MAPS,
but that's not right) an anti-spam-RBL sometime pre-1999?
ORBS, and the only reason it became such a big deal was that Abovenet
was the upstream of ORBS' upstream. A
On Mon, 17 Mar 2008, Alastair Johnson wrote:
Correct. A particularly interesting case, since ORBS' transit provider was
also a transit customer of Above.net. Said transit provider would announce
their /16s, of which ORBS sat in a /24 or two of, and have their traffic
blackholed.
IIRC they
hours of outage... Whoah.. expensive!
Gunther
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im
> Auftrag von Felix Bako
> Gesendet: Sonntag, 16. März 2008 09:05
> An: Paul Ferguson
> Cc: [EMAIL PROTECTED]; nanog@merit.edu
> Betreff: R
Kameron Gasso wrote:
Christopher Morrow wrote:
I think it was Abovenet that blackholed a /24 of (I want to say MAPS,
but that's not right) an anti-spam-RBL sometime pre-1999?
If I'm not mistaken, that was ORBS.
Correct. A particularly interesting case, since ORBS' transit provider
was als
Christopher Morrow wrote:
> I think it was Abovenet that blackholed a /24 of (I want to say MAPS,
> but that's not right) an anti-spam-RBL sometime pre-1999?
If I'm not mistaken, that was ORBS.
> perhaps they had a significant number of complaints about the address
> block and no reaction from
Did they provide a reason for the outage? If so, please let us know
what the issue was.
Felix Bako wrote:
Thank guyz for your Help.
Above.net finaly resolved the issue
Regards
Felix
Paul Ferguson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "Glen Kent" <[EMAIL PROTECTED]
Thank guyz for your Help.
Above.net finaly resolved the issue
Regards
Felix
Paul Ferguson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "Glen Kent" <[EMAIL PROTECTED]> wrote:
If its done intentionally then it would only make sense if theres a
DOS attack coming from that ad
On Sun, Mar 16, 2008 at 2:07 AM, Glen Kent <[EMAIL PROTECTED]> wrote:
>
> Paul,
>
>
> > Also: I have seen instances where a static route points to a next
> > hop that (inadvertently) may be "redistribute-static" injected into
> > BGP. This happens occasionally due to ad hoc configurations,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "Glen Kent" <[EMAIL PROTECTED]> wrote:
>If its done intentionally then it would only make sense if theres a
>DOS attack coming from that address block, or if theres something
>"blasphemous" put up there. If none of these, then why locally
>black
Paul,
> Also: I have seen instances where a static route points to a next
> hop that (inadvertently) may be "redistribute-static" injected into
> BGP. This happens occasionally due to ad hoc configurations, back-
> hole null routing, etc.
And why would an ISP locally try to blackhole traffic
On Sat, Mar 15, 2008, Danny McPherson wrote:
>
>
> A bit more analysis of this at the moment, and a few recommendations
> and related pointers is available here:
>
> http://tinyurl.com/2nqg2a
Its a good writeup. :)
It almost sounds like Felix should talk to some friendly SP's and organise
/25
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "Bill Stewart" <[EMAIL PROTECTED]> wrote:
>I've seen two popular reasons for doing it accidentally
>- Fat fingers when configuring IP addresses by hand
>- Using old routing protocols such as IGRP or RIP and autosummarizing
>routes,
> usually d
> A popular reason from longer ago was enterprises that used
> arbitrary addresses for their internal networks,
> which was safe because they'd never be connected to the real internet.
> RFC1918 has made that problem mostly go away,
> but as recently as 1995 I had a customer who was a bank that wa
On Sat, Mar 15, 2008 at 9:09 PM, Glen Kent <[EMAIL PROTECTED]> wrote:
> Unlike the Youtube outage where PTA had issued a directive asking all
> ISPs to block Youtube - What is the reason most often cited for such
> mishaps? The reason i ask this is because the ISPs that
> "inadvertently" hijac
Unlike the Youtube outage where PTA had issued a directive asking all
ISPs to block Youtube - What is the reason most often cited for such
mishaps? The reason i ask this is because the ISPs that
"inadvertently" hijack someone elses IP space, need to explicitly
configure *something* to do this. So
A bit more analysis of this at the moment, and a few recommendations
and related pointers is available here:
http://tinyurl.com/2nqg2a
-danny
[more accurate subject line]
On Mar 14, 2008, at 1:33 PM, Felix Bako wrote:
Hello,
There is a routing loop while accesing my network 194.9.82.0/24 from
some networks on the Internet.
| This is a test done from lg.above.net looking glass.
1 ten-gige-2-2.mpr2.ams2.nl.above.net (64.125.26.
30 matches
Mail list logo