nanog mailing list archives

Re: someone is using my AS number


From: Joe Provo <nanog-post () rsuc gweep net>
Date: Thu, 13 Jun 2019 20:17:43 -0400

On Thu, Jun 13, 2019 at 09:58:20AM -0400, Joe Abley wrote:
> Hey Joe,
>
> On 12 Jun 2019, at 12:37, Joe Provo <nanog-post () rsuc gweep net> wrote:
>
>> On Wed, Jun 12, 2019 at 04:10:00PM +0000, David Guo via NANOG wrote:
>>> Send abuse complaint to the upstreams
>>
>> ...and then name & shame publicly. AS-path forgery "for TE" was
>> never a good idea. Sharing the affected prefix[es]/path[s] would
>> be good.
>
> I realise lots of people dislike AS_PATH stuffing with other people's AS numbers and treat it as a form of hijacking.
>
> However, there's an argument that AS_PATH is really just a
> loop-avoidance mechanism, not some kind of AS-granular traceroute
> for prefix propagation. In that sense, stuffing 9327 into a prefix
> as a mechanism to stop that prefix being accepted by AS 9327 seems
> almost reasonable. (I assume this is the kind of TE you are talking
> about.)
>
> What is the principal harm of doing this? Honest question. I'm
> not advocating for anything, just curious.

There is no way at a distance to tell the difference between:
- legitimate AS forwarding
- ham-fistedly attempting "innocent" TE away from the forged AS
- maliciously hiding traffic from the forged AS
- an error with the forged AS

IME, when you can NOT look like an error or an attack, that's a 
Good Thing.

The last "major" provider who failed to provide BGP community-based
TE was 3549, and with their absorption into 3356 no one should have
any tolerance for this garbage, IMNSHO.

Cheers,

joe


-- 
Posted from my personal account - see X-Disclaimer header.
Joe Provo / Gweep / Earthling 
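
The loop-avoidance behaviour discussed in this thread, together with an adjacency check an AS holder could run over paths reported by external route collectors, as an added example that is not part of any poster's message. AS 9327 is taken from the thread; the neighbor set, the other ASNs (RFC 5398 documentation range) and the function names are constructed for illustration.

```python
# Added example. AS 9327 comes from the thread; every other ASN is constructed
# (RFC 5398 documentation range) and the neighbor set is an assumption.
MY_ASN = 9327
MY_NEIGHBORS = {64496, 64497}  # assumed: ASes we actually hold BGP sessions with

def collapse_prepends(path):
    """Drop consecutive repeats so ordinary prepending is not misread."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def loop_check_rejects(path, local_asn):
    """Receiver-side loop avoidance: a route already carrying our ASN is dropped.
    This is why the AS holder never sees the stuffed route in its own tables."""
    return local_asn in path

def classify(path, my_asn=MY_ASN, neighbors=MY_NEIGHBORS):
    """Classify an AS_PATH seen at an external collector (origin is rightmost).
    Returns (verdict, ASNs adjacent to my_asn that are not known neighbors)."""
    p = collapse_prepends(path)
    if my_asn not in p:
        return ("not-involved", [])
    unknown = set()
    for i, asn in enumerate(p):
        if asn == my_asn:
            for j in (i - 1, i + 1):
                if 0 <= j < len(p) and p[j] not in neighbors:
                    unknown.add(p[j])
    # "suspect" cannot say whether this is an error, TE or an attack;
    # "consistent" only means the adjacencies match our sessions.
    return ("suspect", sorted(unknown)) if unknown else ("consistent", [])

# Constructed sample paths, as a route collector might report them.
SAMPLES = [
    [64500, 64496, 9327],              # we originate, heard via a real neighbor
    [64500, 64496, 9327, 9327, 9327],  # same, with our own prepending
    [64500, 64501, 9327, 64502],       # our ASN between two strangers
    [64500, 64501, 64502],             # does not mention us
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(path, classify(path), "dropped by us:", loop_check_rejects(path, MY_ASN))
```

Because the loop check drops any route that already carries the local ASN, the check has to be fed from vantage points outside the AS being monitored.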

