Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: IP announce DOS

From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 9 Jun 2005 10:36:03 -0700
  Did you get your Class C address from the relevant authority (ARIN,
APNIC, RIPE, etc)?  Or is it one that the old ISP assigned you, out
of address space assigned to them?  [It sounds like you think the
former case applies, but since this is the "basics" list, I can't
entirely assume that.]

  If there were a technical fix, a way to have BGP say "THIS is the
One True Path to AS ____", then everyone would enable it and we'd
be right back where we started....

  Do you know your old ISP's upstream providers?  A competent ISP
will have at least two, but if they're small they might not have 
more than that.  Perhaps they can be persuaded not to accept that
ISP's announcement of this block?

David Gillett



-----Original Message-----
From: Alex Thurlow [mailto:buddychrist () gmail com]
Sent: Wednesday, June 08, 2005 2:24 PM
To: 'security-basics () securityfocus com'
Subject: IP announce DOS


I'm not positive this is the correct list to ask, but it is a 
security 
concern, so I thought I would.  The company I work for had T1 lines 
running to our office provided by a local provider.  We had our own C 
block of IPs being announced by them and routed to us over 
those T1s.  
Our relationship with them went sour (for many reasons I 
won't get into 
here), and we had to move to a different provider.  We had 
the routing 
switched over to them.  Everything was fine.  Here it is a few weeks 
later, and suddenly our old provider starts announcing these 
IPs again.  
The end result is a partial DOS attack (hence writing to this 
list) as 
some people can't reach us.  They won't stop the 
announcement.  I don't 
know all the details on what they've said there as it's now gone to 
executives and legal people dealing with them.  Is there 
anything we can 
do here from a network standpoint?  Someone we can report 
them to?  How 
do people protect themselves from just anyone announcing IPs 
that aren't 
theirs?

Thanks in advance,
Alex Thurlow


________________________________________

SKYLIST
Email Marketing Solutions that Deliver
Service You Can Trust

You are receiving this email message
from a representative of SKYLIST, Inc.
13171 Pond Springs Road, Austin, TX 78729
Toll Free: 877.250.2922

To cease all communication with SKYLIST, visit
http://www.skylist.net/unsubscribe
or send an email to unsubscribe () skylist com
Previous By Date Next
Previous By Thread Next

Current thread: