nanog mailing list archives
Re: Anyone notice strange announcements for 174.128.31.0/24
From: Jeroen Massar <jeroen () unfix org>
Date: Wed, 14 Jan 2009 17:06:46 +0100
Simon Lockhart [mailto:simon () slimey org] wrote:
On Wed Jan 14, 2009 at 09:59:14AM +0200, Hank Nussbacher wrote:What if, by doing some research experiment, the researcher discovers some unknown and latent bug in IOS or JunOS that causes much of the Internet to go belly up? 1 in a billion chance, but nonetheless, a headsup would have been in order.Say we had a customer who connected to us over BGP, and they used some new experimental BGP daemon. Their announcement was "odd" in some way, but appeared clean to us (a Cisco house). Once their announcement hit the a Foundry router, it tickled a bug which caused the router to propogate the announcement, but also start to blackhole traffic. Oh dear, large chunks of the Internet have just gone belly up.
You mean like when people started using 32bit ASNs and all OpenBGPD implementations went belly up? See http://www.merit.edu/mail.archives/nanog/msg13416.html Happening clearly often. People should write proper implementations (Just in case, OpenBGPD acted correctly as it did it to the letter of the RFC, though it could have maybe warned the admins)
Should we have given a heads up to the Internet at large that we were turning up this customer?
ASN32 was known quite in advance, that doesn't mean that everybody updates or that all bugs are found. Vendors tend to deploy things into the wild which then break, simply because not all combinations of configuration can ever be tested. Infinite Monkeys etc ;)
Simon (Yes, I'm in the minority that thinks that Randy hasn't done anything bad)
Nah, I agree with Randy's experiment too. People should protect their networks better and this is clearly showing that there are a lot of vulnerable places in the core internet structure. Btw folks, when do you start implementing RPSL based filtering? Clearly a lot are using the BGP monitoring already and seem to love it, thus take the next step go full SIDR :) Greets, Jeroen
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Anyone notice strange announcements for 174.128.31.0/24, (continued)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Patrick W. Gilmore (Jan 13)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Sandy Murphy (Jan 13)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Jack Bates (Jan 13)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Matthew Kaufman (Jan 13)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Patrick W. Gilmore (Jan 13)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Matthew Kaufman (Jan 13)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Hank Nussbacher (Jan 13)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Simon Lockhart (Jan 14)
- RE: Anyone notice strange announcements for 174.128.31.0/24 Michienne Dixon (Jan 14)
- Re: Anyone notice strange announcements for 174.128.31.0/24 bmanning (Jan 14)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Jeroen Massar (Jan 14)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Andy Davidson (Jan 15)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Patrick W. Gilmore (Jan 15)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Nathan Malynn (Jan 15)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Jack Bates (Jan 14)
- Re: Anyone notice strange announcements for 174.128.31.0/24 John Payne (Jan 14)
- RE: Anyone notice strange announcements for 174.128.31.0/24 Michienne Dixon (Jan 14)
- Re: Anyone notice strange announcements for 174.128.31.0/24 kris foster (Jan 14)
- Re: Anyone notice strange announcements for 174.128.31.0/24 John Payne (Jan 15)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Adrian Chadd (Jan 13)
- Re: Anyone notice strange announcements for 174.128.31.0/24 Patrick W. Gilmore (Jan 13)