Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread Nathan Ward
On 30/08/2008, at 9:58 AM, Florian Weimer wrote: * Alex Pilosov: We've demonstrated ability to monitor traffic to arbitrary prefixes. Slides for presentation can be found here: http://eng.5ninesdata.com/~tkapela/iphd-2.ppt The interesting question is whether it's acceptable to use this trick

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread Patrick W. Gilmore
On Aug 29, 2008, at 22:41, "jim deleskie" <[EMAIL PROTECTED]> wrote: I'm afraid of the answer to that question No you are not, since you already know the answer. -- TTFN, patrick On Fri, Aug 29, 2008 at 11:25 PM, Adrian Chadd <[EMAIL PROTECTED]> wrote: On Fri, Aug 29, 2008, jim delesk

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread jim deleskie
I'm afraid of the answer to that question On Fri, Aug 29, 2008 at 11:25 PM, Adrian Chadd <[EMAIL PROTECTED]> wrote: > On Fri, Aug 29, 2008, jim deleskie wrote: >> Announcing a smaller bit of one of your block is fine, more than that >> most everyone I know does it or has done and is commonly accept

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread Adrian Chadd
On Fri, Aug 29, 2008, jim deleskie wrote: > Announcing a smaller bit of one of your block is fine, more than that > most everyone I know does it or has done and is commonly accepted. > Breaking up someone else's block and making that announcement even if > it's to modify traffic between 2 peered net

Re: GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?]

2008-08-29 Thread Gadi Evron
On Sat, 30 Aug 2008, Paul Ferguson wrote: I applaud GLBX's move to disconnect Atrivo/Intercage. What the Armin/McQuaid/Jonkman report [1] documented are activities that many of us in the security community have known for a couple of years. One thing that Krebs _didn't_ mention in his WaPo artic

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread jim deleskie
Announcing a smaller bit of one of your block is fine, more than that most everyone I know does it or has done and is commonly accepted. Breaking up someone else's block and making that announcement even if it's to modify traffic between 2 peered networks is typically not looked as proper. Modify y

GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?]

2008-08-29 Thread Paul Ferguson
-- "Marc Sachs" <[EMAIL PROTECTED]> wrote: >Unless I'm mis-reading this (or perhaps GBLX read Kreb's story and said >good-bye to Atrivo/Intercage), it looks like they are no longer their >upstream: > >http://cidr-report.org/cgi-bin/as-report?as=AS27

Re: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

2008-08-29 Thread Jim Popovitch
On Fri, Aug 29, 2008 at 19:14, Gadi Evron <[EMAIL PROTECTED]> wrote: > On Fri, 29 Aug 2008, Marc Sachs wrote: >> >> Unless I'm mis-reading this (or perhaps GBLX read Kreb's story and said >> good-bye to Atrivo/Intercage), it looks like they are no longer their >> upstream: >> >> http://cidr-report.

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Scott Weeks
- Original Message - Let's say the attacker is announcing one or more /24s of mine and announcing a more specific is not possible. I figure it out somehow and begin announcing the same. The attacker doesn't stop his attack. What happens? The part of the internet closest in topolog

Re: Using 32 bit ASN numbers

2008-08-29 Thread Marshall Eubanks
On Aug 29, 2008, at 6:08 PM, Owen DeLong wrote: Marshal, Since his question was specifically about I don't see the answer in either of the places you referenced Sorry, I was too eager to respond. The assignees of the 32 bit ASN will have to ask for space from IANA from the former "eG

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Guy_Shields
Go to www.traceroute.org for a very comprehensive looking glass and routeview servers list. You can then determine how successful your attempts to quell an attack are. - Original Message - From: "Scott Weeks" [EMAIL PROTECTED] Sent: 08/29/2008 04:06 PM MST To: <[EMAIL PROTECTED]> Subject:

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Scott Weeks
-- [EMAIL PROTECTED] wrote: - You need to contact 1st their directly connected provider, 2nd contact your upstream provider and ask that they contact their peers and negate the announcement. 3rd if this is an ARIN provided block contact them as you do pay for your allocation and th

RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

2008-08-29 Thread Gadi Evron
On Fri, 29 Aug 2008, Marc Sachs wrote: Unless I'm mis-reading this (or perhaps GBLX read Kreb's story and said good-bye to Atrivo/Intercage), it looks like they are no longer their upstream: http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0 Current peers: http://cidr-report.org/

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Guy_Shields
Correct, as you would then be contending with the path length portion of the 10 deterministic criteria in the BGP protocol. - Original Message - From: "Scott Weeks" [EMAIL PROTECTED] Sent: 08/29/2008 04:06 PM MST To: <[EMAIL PROTECTED]> Subject: Re: BGP Attack - Best Defense ? -

RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

2008-08-29 Thread Marc Sachs
Unless I'm mis-reading this (or perhaps GBLX read Kreb's story and said good-bye to Atrivo/Intercage), it looks like they are no longer their upstream: http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0 Marc SANS ISC -Original Message- From: Gadi Evron [mailto:[EMAIL PROTE

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Scott Weeks
--- [EMAIL PROTECTED] wrote: -- From: Steve Gibbard <[EMAIL PROTECTED]> On Fri, 29 Aug 2008, Scott Weeks wrote: > I am signed up for the Prefix Hijack Alert System > (phas.netsec.colostate.edu) and would be alerted in about 6 hours (or > less?) about a prefix announcement ch

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Guy_Shields
You need to contact 1st their directly connected provider, 2nd contact your upstream provider and ask that they contact their peers and negate the announcement. 3rd if this is an ARIN provided block contact them as you do pay for your allocation and they will have the contacts to resolve the iss

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Jon Lewis
On Fri, 29 Aug 2008, Scott Weeks wrote: Restating my question differently: If the attacker is announcing a /24 of mine, I figure it out somehow and I start announcing the same. What happens if the attacker doesn't stop? You may as well announce both the same /24 and /25s if you can...though

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Steve Gibbard
On Fri, 29 Aug 2008, Scott Weeks wrote: I am signed up for the Prefix Hijack Alert System (phas.netsec.colostate.edu) and would be alerted in about 6 hours (or less?) about a prefix announcement change. I then would deaggregate (as little as possible) to be able to announce the same more spe

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Scott Weeks
--- [EMAIL PROTECTED] wrote: --- From: Jason Fesler <[EMAIL PROTECTED]> > I am signed up for the Prefix Hijack Alert System > (phas.netsec.colostate.edu) and would be alerted in about 6 hours (or > less?) about a prefix announcement change. Would the alerts go to a mail server behind

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Jason Fesler
I am signed up for the Prefix Hijack Alert System (phas.netsec.colostate.edu) and would be alerted in about 6 hours (or less?) about a prefix announcement change. Would the alerts go to a mail server behind said BGP prefixes? Also, if you're gonna bother at all.. I'd humbly suggest that 6 hour

Re: Using 32 bit ASN numbers

2008-08-29 Thread Owen DeLong
Marshal, Since his question was specifically about I don't see the answer in either of the places you referenced The calculator didn't like a 32 bit ASN: AS Number Out of Range AS numbers are represented by 16 bits; 65535 maximum in decimal. Back to the GLOP Calculator Return to Shepfarm M

Re: BGP Attack - Best Defense ?

2008-08-29 Thread Scott Weeks
Please allow me to change this: "I then would deaggregate (as little as possible) to be able to announce the same more specific as the attacker." to this: "Announce the same more specific as the attacker." scott --- [EMAIL PROTECTED] wrote: From: "Scott Weeks" <[EMAIL PROTECTED]> To: <[

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread Florian Weimer
* Alex Pilosov: > We've demonstrated ability to monitor traffic to arbitrary > prefixes. Slides for presentation can be found here: > http://eng.5ninesdata.com/~tkapela/iphd-2.ppt The interesting question is whether it's acceptable to use this trick for non-malicious day-to-day traffic engineerin

BGP Attack - Best Defense ?

2008-08-29 Thread Scott Weeks
My question revolves around the best recovery from an attack of the type we've been discussing. I only figured out the attack methodology yesterday evening Hawaiian Standard Time. Be gentle please... :-) I am signed up for the Prefix Hijack Alert System (phas.netsec.colostate.edu) and w

Re: Using 32 bit ASN numbers

2008-08-29 Thread Marshall Eubanks
On Aug 29, 2008, at 4:58 PM, Marshall Eubanks wrote: On Aug 29, 2008, at 4:50 PM, Haven Hash wrote: Concerning 32 bit AS numbers, are organizations which are granted 32 bit AS numbers given any multicast address space? Oh, and there is a plan in the works to accommodate those with 32 b

Re: Using 32 bit ASN numbers

2008-08-29 Thread Marshall Eubanks
On Aug 29, 2008, at 4:50 PM, Haven Hash wrote: Concerning 32 bit AS numbers, are organizations which are granted 32 bit AS numbers given any multicast address space? If so is it possible to figure out what this space is from the ASN ala GLOP (233.ASN.ASN.x)? Yes, and yes. The space t

Re: Using 32 bit ASN numbers

2008-08-29 Thread Haven Hash
Concerning 32 bit AS numbers, are organizations which are granted 32 bit AS numbers given any multicast address space? If so is it possible to figure out what this space is from the ASN ala GLOP (233.ASN.ASN.x)? Thanks, Haven Hash On Fri, Aug 29, 2008 at 1:12 PM, Arie Vayner <[EMAIL PROTECTED]>

Re: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

2008-08-29 Thread Suresh Ramasubramanian
On Sat, Aug 30, 2008 at 1:32 AM, Gadi Evron <[EMAIL PROTECTED]> wrote: > 2. On a different note, why is anyone still accepting their route > announcements? I know some among us re-route RBN traffic to protect users. > Do you see this as a valid solution for your networks? > > What ASNs belong to At

Re: Using 32 bit ASN numbers

2008-08-29 Thread Arie Vayner
Pender, One small correction... For 7600, 12.2SR, the support would come out in 12.2SRD Arie On Fri, Aug 29, 2008 at 6:44 PM, Pender, James <[EMAIL PROTECTED]> wrote: > > These are the dates I have for Cisco platforms: > > IOS XR 3.4 - September 2007 > IOS 12.0(32)S11 - November 2008 > IOS 12.2S

Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

2008-08-29 Thread Gadi Evron
Hi all. This Washington Post story came out today: http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html In it, Brian Krebs discusses the SF Bay Area based Atrivo/Intercage, which has been long named as a bad actor, accused of shuffling abuse reports to differ

Re: HurricaneElectric

2008-08-29 Thread Colin Alston
On 2008/08/29 07:45 PM Christian Koch wrote: you might want to check the obvious first :) http://www.tunnelbroker.net/forums/ [EMAIL PROTECTED] Yes, problem was my prefix was routed wrong.. so trying to get to the site was tedious and would have required turning off IPv6 only to turn it on l

Weekly Routing Table Report

2008-08-29 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith <[EMAIL PROTECTED]

Re: HurricaneElectric

2008-08-29 Thread Christian Koch
you might want to check the obvious first :) http://www.tunnelbroker.net/forums/ [EMAIL PROTECTED] On Fri, Aug 29, 2008 at 5:34 AM, Colin Alston <[EMAIL PROTECTED]> wrote: > Is anyone from Hurricane Electric/TunnelBroker.net here? > >

Re: IP Fragmentation

2008-08-29 Thread Valdis . Kletnieks
On Fri, 29 Aug 2008 05:44:28 +0530, Glen Kent said: > I understand, but the question is what if they don't? If it's an alleged router, and it doesn't know how to frag a packet, it's probably so brain-damaged that it can't send a recognizable 'Frag Needed' ICMP back either. At that point, all bets

RE: Using 32 bit ASN numbers

2008-08-29 Thread Pender, James
These are the dates I have for Cisco platforms: IOS XR 3.4 - September 2007 IOS 12.0(32)S11 - November 2008 IOS 12.2SRE - December 2008 IOS 12.5(1)T - April 2009 -Original Message- From: andy lam [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2008 11:29 AM To: [EMAIL PROTECTED]

Re: Using 32 bit ASN numbers

2008-08-29 Thread andy lam
  Cisco IOS XR Software Release 3.4.0 adds support for BGP Authentication Key Chaining, BGP 4-Byte Autonomous System Number (ASN), and BGP Next Hop tracking enhancements. http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.4/general/release/notes/reln_34.html#wp239046 BGP 4-Byte ASN—Increases the

Using 32 bit ASN numbers

2008-08-29 Thread Brian Raaen
I am doing some research for our company regarding 32 bit ASN numbers. I am trying to locate information about vendor and service provider support. In particular I have not been able to find what Cisco IOS image I would need to load on our router to support 32 bit ASN's. I also want to know w

Re: Revealed: The Internet's well known BGP behavior

2008-08-29 Thread Sam Stickland
Jon Lewis wrote: Do you utilize the IRR, have an as-set, and put all customer AS/CIDR's into the IRR? I've honestly never heard from LVL3 about our advertisements. Other providers have varied from just needing a web form, email, phone call, or those combined with faxed LOAs. The latter gets

The Cidr Report

2008-08-29 Thread cidr-report
This report has been generated at Fri Aug 29 21:18:25 2008 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date

BGP Update Report

2008-08-29 Thread cidr-report
BGP Update Report Interval: 28-Jul-08 -to- 28-Aug-08 (32 days) Observation Point: BGP Peering with AS2.0 TOP 20 Unstable Origin AS Rank ASN Upds % Upds/Pfx AS-Name 1 - AS9583 161731 2.9% 129.3 -- SIFY-AS-IN Sify Limited 2 - AS1803 102448 1.8%

HurricaneElectric

2008-08-29 Thread Colin Alston
Is anyone from Hurricane Electric/TunnelBroker.net here?

Re: IP Fragmentation

2008-08-29 Thread Iljitsch van Beijnum
On 29 aug 2008, at 2:14, Glen Kent wrote: I understand, but the question is what if they don't? Then the internet breaks.