Re: Deaggregating for emergency purposes

[Ratul Mahajan <ratul () cs washington edu>]

Based on my experience with the BGP misconfiguration study
http://www.cs.washington.edu/homes/ratul/bgp/index.html I can say that
this is not an idle worry. We saw about 15 hijack incidents (mostly of
more-specifics, but full prefixes too) per day. We used route-views data,
so even if hijacks come from middle of asia (some did, not all), they did
make it to the tables of some major providers.

On Tue, 6 Aug 2002, Omachonu Ogali wrote:

> If all else fails, break out Outlook and your favorite translator,
> because last time I checked, speaking English was not a requirement
> to run a network. Even if most of you do, this is not a "Majority
> Rules" situation.

This too is a concern when depending on foreign nocs to take action. I ran
into many non-english speaking nocs; mainly in south america.

        -- Ratul

On Tue, 6 Aug 2002, Omachonu Ogali wrote:

> What about announcing and registering with your IRR, more-specific
> routes for the period that the problem ONLY exists, instead of being
> lazy?
>
> If all else fails, break out Outlook and your favorite translator,
> because last time I checked, speaking English was not a requirement
> to run a network. Even if most of you do, this is not a "Majority
> Rules" situation.
>
> On Mon, Aug 05, 2002 at 10:47:33PM -0700, john () chagresventures com wrote:
> > get on the bandwaggon that filtering is a good thing ?? :)
> >
> > at some point some transit is going to listen and drop the announcement.
> >
> > Lets take an example.  Deep Dark middle of asia, someone starts announcing
> > a /24 of yours.  Their upstream takes the packet, and so forth.  At some point
> > they will touch a NSP or ISP (international service provider) and you can get
> > things dropped their.
>
> Yes. End of story. Go directly to the finish diamond at the end of
> your flowchart. If the next step in your flowchart is "pollute IRRs
> with 3592375238957235893275839572 /32s", please return your maintainer
> object.
>  
> > Your pushing out a /24 will help slurp some of the traffic towards you,
> > but not all.
> >
> > Personally I have deagged some prefixes to cause a DOS/DDOS towards a 
> > particular address to route down a slow connection I had.  Sacrifice
> > one link, to keep customers running on the others.  But thats different.
>
> Yes, but you removed it later on, correct?
>  
> > Its about networking, the people kind, at this point.
> >
> > cheers
> >
> > john brown
> > chagres technologies, inc
> >
> > On Mon, Aug 05, 2002 at 09:00:55PM -0400, Phil Rosenthal wrote:
> > > But the question is, what do you do if it's coming from somewhere with a
> > > difficult to contact NOC, and their upstream is difficult to contact as
> > > well?
> > >
> > > --Phil
> > >
> > > -----Original Message-----
> > > From: John M. Brown [mailto:jmbrown () ihighway net] 
> > > Sent: Monday, August 05, 2002 8:12 PM
> > > To: Phil Rosenthal
> > > Cc: nanog () merit edu
> > > Subject: Re: Deaggregating for emergency purposes
> > >
> > >
> > > Hmm, this would be a "Bad Idea" (TM) (C) 2002, DMCA Protected
> > >
> > > Having had this happen to me several different times, I'd have to 
> > > recommend, calling the NOC of the advertising party. as the pref'd way
> > > of handling it.
> > >
> > > On Mon, Aug 05, 2002 at 06:41:22PM -0400, Phil Rosenthal wrote:
> > > > I am currently announcing only my aggregate routes, but I have lately 
> > > > thought about the possibility of someone mistakenly, or maliciously, 
> > > > announcing more specifics from my space. The best solution for an 
> > > > emergency response to that (that I can think of), is registering all 
> > > > of the /24's that make up my network, so if someone should announce a 
> > > > more-specific, I can always announce the most specific that would be 
> > > > accepted (assuming they don't announce the /24's too, it should be a 
> > > > problem avoided)
> > > >
> > > > Does anyone else have any other ideas on ways to quickly deal with 
> > > > someone else announcing your more specifics, since contacting their 
> > > > NOC is likely going to take a long time...
> > > >
> > > > --Phil
>
> -- 
> Omachonu Ogali
> missnglnk () informationwave net
> http://www.informationwave.net