In this case, the very first thing you should probably do is to start announcing the more specific /24s to match their advertisements! Depending on AS-PATH length (how various nets hear your announcements vs. theirs) this may solve the immediate problem, allowing you to hunt them down and kill them at your leisure.
The downside to this is that we go from advertising /16's out, to advertising a fleet of /24's out, most of which would be filtered by Sprint's ever-lovin' CIDR-forcing wall. I agree with Sprint, and Sean, but in this case it pretty much makes it hard for us to force the issue by dropping to the same or smaller sized announcement.
Good thought, though! Even if it does result in going from 2 /16 announcements to 512 /24 announcements in the process, growing the routing tables, and generally making everyone else unhappy as well.
Only advertise the /24s that they're announcing of yours. And if you need to get them into Sprint, see if a multi- homed Sprint customer will temporarily shove them into Sprint and static them back to you via another provider/connection.
*sigh* There really MUST be some nice way of handling lame ISP's like this.
1) Announce *your own* routes more specifically. This may lose you ANS connectivity, though.
I meant ANS connectivity because of RADB issues, but yes, anyone who filters small announcements in your space won't see you.
I took that step last night, and was advised to remove it by those more in tune with legal issues. I guess it's not considered "nice" to sink to the same level as your attacker, and play dirty. :-}
No, but if it went on for 12 hours, I very well might do so.
Avi
Again, my thanks for you feedback and support!
Matt Petach
Sure, good luck. And if you're going for the shunning effect, tell us all who it is that you're having trouble with. Avi