Here's a question that's been bugging me the whole thread, and it's a
bit of a newbie one. How is this different than someone faking SMTP
headers to make it seem like an email came from my domain when it
didn't? I'm talking in terms of morals, obviously; I understand the
technique is different.
On
On Jan 15, 2009, at 3:54 AM, Andy Davidson wrote:
On 14 Jan 2009, at 16:06, Jeroen Massar wrote:
Simon Lockhart wrote:
(Yes, I'm in the minority that thinks that Randy hasn't done
anything bad)
Nah, I agree with Randy's experiment too. People should protect
their networks better and this is
[mailto:j...@sackheads.org]
Sent: Wednesday, January 14, 2009 3:57 PM
To: Michienne Dixon
Cc: NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
On Jan 14, 2009, at 10:50 AM, Michienne Dixon wrote:
Interesting - So as a cyber criminal - I could setup a router, start
On 14 Jan 2009, at 16:06, Jeroen Massar wrote:
Simon Lockhart wrote:
(Yes, I'm in the minority that thinks that Randy hasn't done
anything bad)
Nah, I agree with Randy's experiment too. People should protect
their networks better and this is clearly showing that there are a
lot of vulnera
ubject: Re: Anyone notice strange announcements for 174.128.31.0/24
On Jan 14, 2009, at 10:50 AM, Michienne Dixon wrote:
Interesting - So as a cyber criminal - I could setup a router, start
announcing AS 16733, 18872, and maybe 6966 for good measure and their
routers would ignore my announceme
> liNKCity
> 312 Armour Rd.
> North Kansas City, MO 64116
> www.linkcity.org
> (816) 412-7990
>
> -Original Message-
> From: Simon Lockhart [mailto:si...@slimey.org]
> Sent: Wednesday, January 14, 2009 2:07 AM
> To: Hank Nussbacher
> Cc: NANOG list
> Subject
On Wed, Jan 14, 2009 at 1:22 PM, wrote:
> On Wed, 14 Jan 2009 10:47:23 EST, William Herrin said:
>> It's more like one owner in a condominium deciding to "test" the fire
>> alarm without first asking the condo association or letting the other
>> owners know about it ahead of time.
>
> On the othe
y.org
(816) 412-7990
-Original Message-
From: Simon Lockhart [mailto:si...@slimey.org]
Sent: Wednesday, January 14, 2009 2:07 AM
To: Hank Nussbacher
Cc: NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
On Wed Jan 14, 2009 at 09:59:14AM +0200, Hank Nussbacher wr
Knowing Randy's research, I am sure that Randy will be doing great work
this time too. Being a network researcher I cannot wait to see the results
of this experiment.
But, even then I don't think it was a real smart thing to do without prior
permission.
> And yes, it applies in the network
On Wed, 14 Jan 2009 10:47:23 EST, William Herrin said:
> It's more like one owner in a condominium deciding to "test" the fire
> alarm without first asking the condo association or letting the other
> owners know about it ahead of time.
On the other hand, pre-announcing "We will have a fire drill
Michienne Dixon wrote:
Interesting - So as a cyber criminal - I could setup a router, start
announcing AS 16733, 18872, and maybe 6966 for good measure and their
routers would ignore my announcements and IP ranges that I siphoned from
searching IANA? Hm... Would that also prevent them from acce
Simon Lockhart [mailto:si...@slimey.org] wrote:
> On Wed Jan 14, 2009 at 09:59:14AM +0200, Hank Nussbacher wrote:
>> What if, by doing some research experiment, the researcher discovers
>> some unknown and latent bug in IOS or JunOS that causes much of the
>> Internet to go belly up? 1 in a bil
Abley; Patrick W. Gilmore
Cc: NANOG list
Subject: RE: Anyone notice strange announcements for 174.128.31.0/24
Um.. no. I can't speak for the others on this list who were
affected like us - but we take this stuff very seriously and
respectively you would too *if* you had a previous legit i
MO 64116
> www.linkcity.org
> (816) 412-7990
>
> -Original Message-
> From: Simon Lockhart [mailto:si...@slimey.org]
> Sent: Wednesday, January 14, 2009 2:07 AM
> To: Hank Nussbacher
> Cc: NANOG list
> Subject: Re: Anyone notice strange announcements for 174.128.31.
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
On Wed Jan 14, 2009 at 09:59:14AM +0200, Hank Nussbacher wrote:
> What if, by doing some research experiment, the researcher discovers
> some unknown and latent bug in IOS or JunOS that causes much of the
> Internet to
On Mon, Jan 12, 2009 at 5:51 PM, Michienne Dixon wrote:
> I would consider this analogous to a customer testing their home alarm
> system and not letting the alarm company know about the test.
It's more like one owner in a condominium deciding to "test" the fire
alarm without first asking the con
Yes, but I see that Randy has switched over to 3130 3130,
when olaf first tested out his code in lab, it was against a quagga,
which would not accept that. matt petach, in private email, asked why
we were not doing it. as it seemed to be in spec, olaf did it against a
crisco, and it works.
kris foster wrote:
On Jan 14, 2009, at 2:50 AM, Tim Franklin wrote:
On Tue, January 13, 2009 8:57 pm, Joe Abley wrote:
The fact that I choose to stick 701 in an AS_PATH attribute on a
prefix I advertise in order to stop that prefix from propagating into
701 is entirely my own business, and i
On Jan 14, 2009, at 2:50 AM, Tim Franklin wrote:
On Tue, January 13, 2009 8:57 pm, Joe Abley wrote:
The fact that I choose to stick 701 in an AS_PATH attribute on a
prefix I advertise in order to stop that prefix from propagating into
701 is entirely my own business, and it's a practice which
On Tue, January 13, 2009 8:57 pm, Joe Abley wrote:
> The fact that I choose to stick 701 in an AS_PATH attribute on a
> prefix I advertise in order to stop that prefix from propagating into
> 701 is entirely my own business, and it's a practice which, although
> apparently not commonplace, has bee
On Wed Jan 14, 2009 at 09:59:14AM +0200, Hank Nussbacher wrote:
> What if, by doing some research experiment, the researcher discovers some
> unknown and latent bug in IOS or JunOS that causes much of the Internet to
> go belly up? 1 in a billion chance, but nonetheless, a headsup would have
>
At 11:27 AM 13-01-09 -0800, Matthew Kaufman wrote:
That's why *I* wouldn't have run such an experiment myself, because
there's just too many cases these days where people have gotten convicted
of doing things like putting the wrong integer in their MySpace profile.
What if, by doing some resea
Sandy Murphy wrote:
The sidr wg is working on protection of the origination of the
route - so the origin AS in the AS_PATH is known to be authorized
to originate routes to the prefix.
That's not full AS_PATH protection. sidr is not doing full AS_PATH protection.
Yet.
I always considered AS
On 13 Jan 2009, at 15:39, Patrick W. Gilmore wrote:
See my earlier posts about using someone else's resources without
their permission or even notifying them, then telling them it is OK
because they shouldn't care anyway.
I read them. Nobody is using anybody else's resources. None of the
-Original Message-
From: Joe Abley [mailto:jab...@hopcount.ca]
Sent: Tuesday, January 13, 2009 12:37
To: Patrick W. Gilmore
Cc: NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
> I'd call it a sign that people need to be more selective about what
Original Message-
From: Joe Abley [mailto:jab...@hopcount.ca]
Sent: Tuesday, January 13, 2009 3:37 PM
To: Patrick W. Gilmore
Cc: NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
On 13 Jan 2009, at 15:32, Patrick W. Gilmore wrote:
> On Jan 13, 2009, at 3
>> It should be pointed out that pre-provisioned AS_Path filters and
>> prefix-lists would actually be effective at defeating this and
>> preventing someone who is actually malicious from using this
>> technique. This is an excellent argument for implementing SIDR...
>
>Finally we agree. Al
Seriously, you believe it's OK to blame the guy whose ASN was spoofed
for spending too long researching it?
I was _literally_ shaking my head when I read that.
--
TTFN,
patrick
On Jan 13, 2009, at 3:36 PM, Joe Abley wrote:
On 13 Jan 2009, at 15:32, Patrick W. Gilmore wrote:
On Jan 13, 2009, at 3:30 PM, Joe Abley wrote:
Were the victim
Heh, if only there was any sign of a victim.
The guy who spent time & effort investigating why his AS was
misused announced it h
On 13 Jan 2009, at 15:32, Patrick W. Gilmore wrote:
On Jan 13, 2009, at 3:30 PM, Joe Abley wrote:
Were the victim
Heh, if only there was any sign of a victim.
The guy who spent time & effort investigating why his AS was misused
announced it here. I'd call that at least a sign.
I'd ca
On Jan 13, 2009, at 3:30 PM, Joe Abley wrote:
Were the victim
Heh, if only there was any sign of a victim.
The guy who spent time & effort investigating why his AS was misused
announced it here. I'd call that at least a sign.
--
TTFN,
patrick
On 13 Jan 2009, at 11:12, Leo Bicknell wrote:
Loop detection kicks in only when there is a loop. You see your
own ASN coming back to you.
In the case we're discussing THERE IS NO LOOP. Someone is mis-using
this feature to control the propagation of routes.
Surely controlling the propagatio
Patrick W. Gilmore wrote:
Fortunately, people who run networks are not clueless ("jurors"?). Or
at least they are not supposed to be clueless.
If Randy were to be charged under any of the various computer abuse
statutes (which, given the history of their (ab)use, he certainly could
be), juro
On Jan 13, 2009, at 1:27 PM, Adrian Chadd wrote:
On Tue, Jan 13, 2009, Patrick W. Gilmore wrote:
How can anyone seriously argue the ASN owner is somehow wrong and
keep
a straight face? How can anyone else who actually runs a network not
see that as ridiculous?
Speaking purely as an outside
On Jan 13, 2009, at 1:18 PM, Matthew Kaufman wrote:
Patrick W. Gilmore wrote:
Filtering and other manipulation happened on your router,
prepending my ASN is putting that information into every router.
That seems to be a serious qualitative difference to me. Do you
disagree?
I think the
On Tue, Jan 13, 2009, Patrick W. Gilmore wrote:
> How can anyone seriously argue the ASN owner is somehow wrong and keep
> a straight face? How can anyone else who actually runs a network not
> see that as ridiculous?
Speaking purely as an outsider who hasn't had to pull such jack moves
with
On Tue, Jan 13, 2009 at 08:53:42AM -0800, David Barak wrote:
> --- On Tue, 1/13/09, Jared Mauch wrote:
> > Does that mean that I hijacked their identity and forged
> > it? What level of trust do you place in the AS_PATH for your
> > routing, debugging and
> > decision making process?
>
> AS_P
On Jan 13, 2009, at 1:11 PM, David Barak wrote:
--- On Tue, 1/13/09, Patrick W. Gilmore wrote:
Personally, I would be upset if someone injected
a route
with my ASN in the AS_PATH without my permission.
Why? Is this a theoretical "because it's
ugly" complaint, or is there a reaso
Patrick W. Gilmore wrote:
Filtering and other manipulation happened on your router, prepending my
ASN is putting that information into every router. That seems to be a
serious qualitative difference to me. Do you disagree?
I think the basic disagreement is whether you think that "your stuf
--- On Tue, 1/13/09, Patrick W. Gilmore wrote:
> > AS_PATH != identity, and I would not recommend loading
> the latter onto the former.
>
> We disagree. When I am researching something, I frequently
> look at ASNs in the path to figure out not just where but
> who controls the path.
Oh, I cert
On Jan 13, 2009, at 11:53 AM, David Barak wrote:
--- On Tue, 1/13/09, Jared Mauch wrote:
No, they are both victims. If I inject a path that
purports
there is an edge between two networks which are engaged in
a bitter
dispute, (i'll use cogent & sprint as an example) -
_1239_174_ that
On Tue, Jan 13, 2009 at 12:11 PM, Matthew Kaufman wrote:
> On Jan 13, 2009, at 6:34 AM, Joe Abley wrote:
>
>
>> On 2009-01-13, at 00:05, Paul Wall wrote:
>>
>> Also, I'd agree
>>> announcing other peoples' ASNs,
>>>
>>
>> How do you announce an ASN?
>>
>>
> Clearly it means to use someone else'
On Jan 13, 2009, at 6:34 AM, Joe Abley wrote:
On 2009-01-13, at 00:05, Paul Wall wrote:
Also, I'd agree
announcing other peoples' ASNs,
How do you announce an ASN?
Clearly it means to use someone else's ASN without authorization in a
way that is not intended by the org/person it I'd a
--- On Tue, 1/13/09, Jared Mauch wrote:
>
> No, they are both victims. If I inject a path that
> purports
> there is an edge between two networks which are engaged in
> a bitter
> dispute, (i'll use cogent & sprint as an example) -
> _1239_174_ that may
> create a situation where some
In a message written on Tue, Jan 13, 2009 at 08:55:40AM -0500, John Payne wrote:
> I guess the problem is that AS PATH is overloaded and people forget
> that the primary purpose is loop-avoidance. Everything else is
> secondary and much like reading Received headers in SMTP mail, you
> reall
tuff.
Paul
-Original Message-
From: jim deleskie [mailto:deles...@gmail.com]
Sent: Tuesday, January 13, 2009 10:34 AM
To: Jared Mauch
Cc: NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
Jared,
Fine which makes it an interesting data point and something to loo
Jared,
Fine which makes it an interesting data point and something to look
at after lunch when I'm not doing something else kinda issue. Not
something I'm going to treat as a P1 and drop everything work or real
life related for. I'm not saying it shouldn't be looked at, just that in
the grand schem
Once upon a time, David Barak said:
> I completely agree with Jim: I have no idea why alert thresholds are
> set to a level of sensitivity which would cause this to become a "must
> be dealt with this minute" sort of issue. What exactly is the threat
> potential of someone else's IP space being a
On Tue, Jan 13, 2009 at 07:00:34AM -0800, David Barak wrote:
> If the concern was a Pilosov/Kapela style hijack, wouldn't the first thing
> you'd check be what the address range was? That would lead you straight to
> Randy, and that should have cleared up the matter straightaway. Remember:
> t
--- On Mon, 1/12/09, deles...@gmail.com wrote:
> This was a test using unassigned IP block, unless I'm
> reading it wrong. If a noc alerted on this it should have
> still been a low priority issue. I don't see any issues
> with the way this was carried out at all.
>
> -jim
I completely agree
On 2009-01-13, at 00:05, Paul Wall wrote:
Also, I'd agree
announcing other peoples' ASNs,
How do you announce an ASN?
Joe
On Jan 13, 2009, at 12:05 AM, Paul Wall wrote:
On Mon, Jan 12, 2009 at 7:29 PM, Leo Bicknell
wrote:
You really should make some friends Randy.
He is, on Second Life.
Seriously though... I've not seen any discussion of the application of
"allowas-in", a valid neighbor configuration under c
On Mon, Jan 12, 2009 at 7:29 PM, Leo Bicknell wrote:
> You really should make some friends Randy.
He is, on Second Life.
Seriously though... I've not seen any discussion of the application of
"allowas-in", a valid neighbor configuration under certain
topologies/scenarios, as relates to impact to
Nathan Ward wrote:
A suggestion I made to Randy at APRICOT in early 2007 when he was
presenting his BGP beacon bogon filter detection stuff[1] was that he
could use AS_PATH poisoning to detect broken filters and topology
between two ASes, not just the best route back to him from each AS.
I th
In a message written on Tue, Jan 13, 2009 at 08:20:28AM +0900, Randy Bush wrote:
> of course, we're sorry we set off folk's broken alarm systems :-) [
> sense of humor required, leo ]
Ah, I get the smiley this time. That's the indication you're not
serious about the sentence you just wrote! Ah
On 13/01/2009, at 12:32 PM, Jack Bates wrote:
I suspect part of this test is to determine if there are enough
defaults to allow traffic through even though the route isn't being
processed by certain networks (ie, it does no good to poison
AS_PATH if defaults in general will allow DOS traff
On Monday 12 January 2009 at 18:23 -0500, Joe Provo wrote:
> On Mon, Jan 12, 2009 at 05:13:10PM -0600, Michienne Dixon wrote:
> [snip]
> > Easy - Refer all anomalies that do not the result of a direct outage to
> > Randy. :D
>
> ...if he's the contact or expressly mentioned in the registration,
Paul Stewart wrote:
The alerts we got were because our AS number was showing up somewhere
else in the world. Whether it's "legit" IP space or not - it still
warrants investigation on a high priority from my perspective.
Given the use of the ASN, I'm surprised that you place high priority of
On Mon, Jan 12, 2009 at 05:13:10PM -0600, Michienne Dixon wrote:
[snip]
> Easy - Refer all anomalies that do not the result of a direct outage to
> Randy. :D
...if he's the contact or expressly mentioned in the registration, that
makes sense. Oh look, he is.
%whonum 174.128.31.0
OrgName:Am
Now that doesn't mean other operators can't put in a lightning talk
about the impact or 'event' this triggered in their own NOC environments
along with what they recommend operators do to reduce the spun cycles
great idea!
as i was about to send to someone else with a thinner skin than you :)
ne Dixon; NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
This was a test using unassigned IP block, unless I'm reading it wrong.
If a noc alerted on this it should have still been a low priority issue.
I don't see any issues with the way this was carried out at all
Now that doesn't mean other operators can't put in a lightning talk
about the impact or 'event' this triggered in their own NOC environments
along with what they recommend operators do to reduce the spun cycles
Easy - Refer all anomalies that do not the result of a direct outage to
Randy. :D
Fair enough. Unfortunate, and I'll miss you in .DR, but understood.
Now that doesn't mean other operators can't put in a lightning talk about
the impact or 'event' this triggered in their own NOC environments along
with what they recommend operators do to reduce the spun cycles
Cheers, -ren
On
:patr...@ianai.net]
Sent: Monday, January 12, 2009 5:00 PM
To: NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
On Jan 12, 2009, at 5:55 PM, Michienne Dixon wrote:
> But isn't this method kind of related to how a network from the
> Mediterranean/Mid-east went abo
ubject: RE: Anyone notice strange announcements for 174.128.31.0/24
Sent: Jan 12, 2009 6:55 PM
But isn't this method kind of related to how a network from the
Mediterranean/Mid-east went about blocking what they felt was
undesirable/offensive content from entering their network?
-
Michienn
On Jan 12, 2009, at 5:55 PM, Michienne Dixon wrote:
But isn't this method kind of related to how a network from the
Mediterranean/Mid-east went about blocking what they felt was
undesirable/offensive content from entering their network?
No.
--
TTFN,
patrick
Could you please put in a lightning talk for this experiment? It would
be great to hear more about this in .DR. We're accepting submissions now
for lightning talks on Monday the 26th of January.
a - i will not be in dr. i really wanted to support the dr meeting,
but it's hard to justify aft
64116
www.linkcity.org
(816) 412-7990
-Original Message-
From: Randy Bush [mailto:ra...@psg.com]
Sent: Monday, January 12, 2009 4:47 PM
To: Paul Stewart
Cc: NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
On 09.01.13 07:42, Paul Stewart wrote:
> For us, it was annoy
Hi Randy (and the cast of characters on this thread),
Could you please put in a lightning talk for this experiment? It would be
great to hear more about this in .DR. We're accepting submissions now for
lightning talks on Monday the 26th of January. http://www.nanogpc.org is
the best place. Che
ce strange announcements for 174.128.31.0/24
On 2009-01-12, at 16:16, Patrick W. Gilmore wrote:
> People have been doing it forever. However, it has been considered
> sketchy at best.
This all seems highly subjective. Considered that way by some, sure
(including you, it seems).
In my experience pr
On 09.01.13 07:42, Paul Stewart wrote:
For us, it was annoying - we look for prefix hijackings or what appear
to be.
i think herein lies the rub. it is not prefix hijacking and in no way
should it appear that way to you. i suggest tuning your detectors. i
am told that path poisoning is use
-
From: Christian Koch [mailto:christ...@broknrobot.com]
Sent: January 12, 2009 5:34 PM
To: NANOG list
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
>
> ] part of the experiment is to measure the difference between the
amount
> ] of nanog mail lorenzo drew in 200
>
> ] part of the experiment is to measure the difference between the amount
> ] of nanog mail lorenzo drew in 2005 by pre-announcing with the amount we
> ] get in 2009 while not pre-announcing. :)
>
> This statement is an admission that he set out to annoy people,
> annoy them enough they would
] part of the experiment is to measure the difference between the amount
] of nanog mail lorenzo drew in 2005 by pre-announcing with the amount we
] get in 2009 while not pre-announcing. :)
This statement is an admission that he set out to annoy people,
annoy them enough they would complain on a
In a message written on Mon, Jan 12, 2009 at 04:51:36PM -0500, Joe Abley wrote:
> Randy's application, and Lorenzo's before him also seem like short-
> term applications designed to explore answering operational questions.
>
> Just because something is generally not used, or even if it's only
>
On Mon, Jan 12, 2009 at 04:51:36PM -0500, Joe Abley wrote:
[snip]
> In my experience prepending someone else's AS to a prefix has only
> been useful operationally only as a short-term, emergency measure
> (e.g. when trying to avoid a black-hole between two remote ASes,
> neither of whom shows
On 2009-01-12, at 16:16, Patrick W. Gilmore wrote:
People have been doing it forever. However, it has been considered
sketchy at best.
This all seems highly subjective. Considered that way by some, sure
(including you, it seems).
In my experience prepending someone else's AS to a prefix
Might be helpful to update the WHOIS data:
arin's good folk say it will be updated in tonight's (stateside night) run.
randy
On Mon, Jan 12, 2009 at 3:34 PM, Randy Bush wrote:
> On 09.01.13 05:32, Michienne Dixon wrote:
>
>> guy's gotta sleep some time. it's 04:40 here.
>>>
>> My apologies for jumping the gun.
>>
>
> i demand a full refund! :)
>
> but that's about the best use for guns i can think of.
>
> randy
>
>
If this were not Randy doing a research project, but, say, Cogent
prepending the ASN of $LATEST_DEPEERED_NETWORK on announcements to
Verio, how different would the tone of this thread have been?
yep, tools can be used for both good and bad.
randy
* Jack Bates:
> Florian Weimer wrote:
>> I think this is over the line. You can't put other people's IDs into
>> routing data on production networks. (Well, technically you can,
>> obviously, but you shouldn't.)
>
> Actually, the placement of the ASN is exactly what they need to do the
> test, a
On Jan 12, 2009, at 4:12 PM, Joe Abley wrote:
On 2009-01-12, at 15:39, Florian Weimer wrote:
So does "academic" mean "unethical" these days?
I think this is over the line. You can't put other people's IDs into
routing data on production networks. (Well, technically you can,
obviously, but yo
On 2009-01-12, at 15:39, Florian Weimer wrote:
So does "academic" mean "unethical" these days?
I think this is over the line. You can't put other people's IDs into
routing data on production networks. (Well, technically you can,
obviously, but you shouldn't.)
The AS_PATH attribute is a loo
Florian Weimer wrote:
I think this is over the line. You can't put other people's IDs into
routing data on production networks. (Well, technically you can,
obviously, but you shouldn't.)
Actually, the placement of the ASN is exactly what they need to do the
test, as it is treated as a routin
* Randy Bush:
> On 09.01.13 03:40, Michienne Dixon wrote:
>> I'm not entirely certain what is going on but has anyone noticed some
>> strange announcements for 174.128.31.0/24?
>
> see http://psg.com/173-174/
So does "academic" mean "unethical" these days?
I think this is over the line. You can
On 09.01.13 05:32, Michienne Dixon wrote:
guy's gotta sleep some time. it's 04:40 here.
My apologies for jumping the gun.
i demand a full refund! :)
but that's about the best use for guns i can think of.
randy
-Original Message-
From: Paul Stewart [mailto:pstew...@nexicomgroup.net]
Sent: Monday, January 12, 2009 2:29 PM
To: Michienne Dixon; nanog@nanog.org
Subject: RE: Anyone notice strange announcements for 174.128.31.0/24
. Abbas; Michienne Dixon; nanog@nanog.org
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
On 09.01.13 03:52, Paul Stewart wrote:
> Same here.. got a notice this morning and while it's false, I still
> have no response from Randy neither on this matter..
guy's
On 09.01.13 03:52, Paul Stewart wrote:
Same here.. got a notice this morning and while it's false, I still have
no response from Randy neither on this matter..
guy's gotta sleep some time. it's 04:40 here.
if you wrote me directly, you would have a response by now. almost to
the bottom of m
On 09.01.13 03:40, Michienne Dixon wrote:
I'm not entirely certain what is going on but has anyone noticed some
strange announcements for 174.128.31.0/24?
see http://psg.com/173-174/
randy
next time before wasting a lot
of people's time...
Paul
-Original Message-
From: Michienne Dixon [mailto:mdi...@nkc.org]
Sent: Monday, January 12, 2009 2:20 PM
To: nanog@nanog.org
Subject: RE: Anyone notice strange announcements for 174.128.31.0/24
The IAR was the source of my notice
MSA> Date: Mon, 12 Jan 2009 18:48:42 +
MSA> From: Majdi S. Abbas
MSA> More seriously, this is indeed reachability research. Try emailing
MSA> the AS 3130 contacts although I'd imagine Randy will see this.
Why not do this in a lab instead?
;-)
Eddy
--
Everquick Internet - http://www.everqu
ajdi S. Abbas; Michienne Dixon; nanog@nanog.org
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
At some point 3130 announced these prefixes, and is now prepending other
ASes to them. Pretty Good BGP (and hence the IAR) sees them as prefix
hijacks. If you'd like to see the
enne Dixon
> Cc: nanog@nanog.org
> Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
>
> On Mon, Jan 12, 2009 at 12:40:42PM -0600, Michienne Dixon wrote:
> > I'm not entirely certain what is going on but has anyone noticed some
> > strange announcements
to notify us first... especially on something as major as a
> prefix hijacking (potentially)
>
> Paul
>
>
>
> -Original Message-
> From: Majdi S. Abbas [mailto:m...@latt.net]
> Sent: Monday, January 12, 2009 1:49 PM
> To: Michienne Dixon
> Cc: nanog@nanog.org
>
ially)
Paul
-Original Message-
From: Majdi S. Abbas [mailto:m...@latt.net]
Sent: Monday, January 12, 2009 1:49 PM
To: Michienne Dixon
Cc: nanog@nanog.org
Subject: Re: Anyone notice strange announcements for 174.128.31.0/24
On Mon, Jan 12, 2009 at 12:40:42PM -0600, Michienne Dixon wrote:
>
On Mon, Jan 12, 2009 at 12:40:42PM -0600, Michienne Dixon wrote:
> I'm not entirely certain what is going on but has anyone noticed some
> strange announcements for 174.128.31.0/24?
>
> I received a hijack notice that my AS (AS11708) was announcing the above
> IP range. I verified that I was not
I'm not entirely certain what is going on but has anyone noticed some
strange announcements for 174.128.31.0/24?
I received a hijack notice that my AS (AS11708) was announcing the above
IP range. I verified that I was not when I started noticing some
strange announcements for that range. Around
98 matches