Hi Job,
I believe your disclaimer makes a lot of sense. From our perspective using more
specifics is one of the options to make BGP follow the optimized path instead
of the « natural » path. We used to be doing more specifics because with the
same prefix being announced, we were simply not
Dear Francois,
On Thu, May 17, 2018 at 10:14:19AM +, Francois Devienne wrote:
> The examples you mention confirm the issues are mainly due to poorly
> configured networks where routes are leaked out although they
> shouldn’t be. Adequate routers are able to filter out prefixes based
> on
On 31/08/17 22:06, Job Snijders wrote:
> I strongly recommend to turn off those BGP optimizers, glue the ports
> shut, burn the hardware, and salt the grounds on which the BGP optimizer
> sales people walked.
Yes.
> p.s. providing a publicly available BGP looking glasses will contribute
> to
We regularly see poorly configured "optimizers" or networks hijacking our
prefixes (originating /25's, /24 of /23's etc).
Thankfully, most of the time filters are in place to stop them leaking
badly, but I agree, these are toxic.
-Tom
On Fri, Sep 1, 2017 at 6:06 AM, Job Snijders
s
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
- Original Message -
From: "Mike Hammett" <na...@ics-il.net>
Cc: nanog@nanog.org
Sent: Thursday, August 31, 2017 8:55:46 PM
Subject: Re: BGP Optimizers (Was: Validating possible BGP MITM attack)
I would like to use a
http://www.midwest-ix.com
- Original Message -
From: "Mike Hammett" <na...@ics-il.net>
Cc: nanog@nanog.org
Sent: Thursday, August 31, 2017 9:02:07 PM
Subject: Re: BGP Optimizers (Was: Validating possible BGP MITM attack)
Actually, I do remember that one of the
://www.midwest-ix.com
- Original Message -
From: "Mike Hammett" <na...@ics-il.net>
Cc: nanog@nanog.org
Sent: Thursday, August 31, 2017 8:55:46 PM
Subject: Re: BGP Optimizers (Was: Validating possible BGP MITM attack)
I would like to use a BGP optimizer,
idating possible BGP MITM attack)
Dear all,
disclaimer:
[ The following is targeted at the context where a BGP optimizer
generates BGP announcements that are ordinarily not seen in the
Default-Free Zone. The OP indicated they announce a /23, and were
unpleasantly surprised to see
Dear all,
disclaimer:
[ The following is targeted at the context where a BGP optimizer
generates BGP announcements that are ordinarily not seen in the
Default-Free Zone. The OP indicated they announce a /23, and were
unpleasantly surprised to see two unauthorized announcements
FYI - I did get a response back from BGPMon- they concur with Job:
"Hi Andy,
unfortunately we had a peer sending us a polluted BGP views. Most likely
using a BGP optimizer that is making up new paths.
We've reached out to 131477 and dropped the session with them.
This was most likely 131477
Hi Steve and Job,
Same here- I didn't actually see my prefixes leaked anywhere I could
check, but I couldn't check near China where BGPmon's probe was
complaining. So I was glad it didn't seem to be spreading, but still
concerned that there may have been a large area (China) where my traffic
On Thu, Aug 31, 2017 at 1:23 PM, Steve Feldman
wrote:
> Interesting. We also got similar BGPMon alerts about disaggregated
> portions of a couple of our prefixes. I didn't see any of the bad prefixes in
> route-views, though.
>
> The AS paths in the alerts started with
Interesting. We also got similar BGPMon alerts about disaggregated portions of
a couple of our prefixes. I didn't see any of the bad prefixes in route-views,
though.
The AS paths in the alerts started with "131477 38478 ..." and looked valid
after that. Job's suggestion would explain that.
Hi Andy,
It smells like someone in 38478 or 131477 is using Noction or some other
BGP "optimizer" that injects hijacks for the purpose of traffic
engineering. :-(
Kind regards,
Job
On Thu, 31 Aug 2017 at 19:38, Andy Litzinger
wrote:
> Hello,
> we use
Hello,
we use BGPMon.net to monitor our BGP announcements. This morning we
received two possible BGP MITM alerts for two of our prefixes detected by a
single BGPMon probe located in China. I've reached out to BGPMon to see
how much credence I should give to an alert from a single probe