Hmm, if someone (except masochists and security vendors) still hosts efnet... I can only send them my condolences. I saw the same dialogs 6 years ago. Nothing changes.

----- Original Message -----
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: <Michael.Dillon@radianz.com>
Cc: <nanog@merit.edu>
Sent: Tuesday, March 16, 2004 3:54 AM
Subject: Re: Packet Kiddies Invade NANOG

On Tue, 16 Mar 2004, Michael.Dillon@radianz.com wrote:
People should be worried about stuff like this. Banetele is a facilities-based network operator in Norway and these guys are directly attacking their BGP sessions to put them off the air.
Can anyone from Banetele/who knows Banetele confirm this attack took place?
Steve
Assuming that they are not sourcing the attacks in Banetele's AS, then you, the peer of Banetele are delivering the packet stream that kills the BGP session. How long before peering agreements require ACLs in border routers so that only BGP peering routers can source traffic destined to your BGP speaking routers?
(08:48:02) <#sigdie!OseK_> i just collapsed banetele's BGP announcement
(08:48:43) <#sigdie!p> i dunno banetele looks dead
(08:48:48) <#sigdie!p> or maybe im just lagging
(08:49:00) <#sigdie!OseK_> ... BitchX: Sent server ping to [irc.banetele.no]
(08:49:00) <#sigdie!OseK_> ... Server pong from irc.banetele.no 0.8224 seconds
(08:49:12) <#sigdie!p> bash-2.05a$ telnetirc.banetele.no 6667
(08:49:13) <#sigdie!p> Trying 213.239.111.2...
(08:49:16) <#sigdie!OseK_> thats cuz I collapsed their BGP announcement by nailing their router head on
(08:49:26) <#sigdie!OseK_> but they have a secondary route to efnet
(08:49:30) <#sigdie!_mre|42o> BGP announcement?
(08:49:31) <#sigdie!OseK_> thru their multihomed connection
(08:49:32) <#sigdie!OseK_> yeah
(08:49:37) <#sigdie!OseK_> they have a collapsable route
(08:49:44) <#sigdie!OseK_> using the border gateway protocl
(08:49:54) <#sigdie!OseK_> hey have to announce to a pool
(08:49:58) <#sigdie!OseK_> in order to establish their route
(08:50:07) <#sigdie!OseK_> but if thye get hit enough their router drops the announcements
(08:50:10) <#sigdie!OseK_> and they lose their routes
(08:50:14) <#sigdie!OseK_> its wierd
(08:50:21) <#sigdie!OseK_> i dont quite understand how it works myself
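
The border-router filter asked about in the quoted message (only BGP peering routers may source traffic destined to the BGP-speaking routers), modelled as a first-match ACL. This is an added example, not part of the original thread; the function names and the RFC 5737 documentation addresses are assumptions made for illustration, and it handles IPv4 only.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def build_acl(router_addrs, bgp_peers):
    """Ordered (action, src_net, dst_net) rules; first match wins."""
    rules = []
    for router in router_addrs:
        dst = ipaddress.ip_network(router)
        # Only configured BGP peers may source traffic to this router.
        for peer in bgp_peers:
            rules.append(("permit", ipaddress.ip_network(peer), dst))
        # Everything else aimed at the router itself is dropped at the border.
        rules.append(("deny", ANY, dst))
    # Transit traffic (not addressed to a router) is unaffected.
    rules.append(("permit", ANY, ANY))
    return rules

def evaluate(rules, src, dst):
    """Return 'permit' or 'deny' for one packet, like a first-match ACL."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny if no rule matched

def dropped_flows(rules, flows):
    """Flows the ACL would drop, e.g. for review against flow records."""
    return [f for f in flows if evaluate(rules, f[0], f[1]) == "deny"]

# Constructed sample data (documentation addresses, not from the thread).
ROUTERS = ["192.0.2.1", "192.0.2.2"]
PEERS = ["198.51.100.1", "198.51.100.2"]
FLOWS = [
    ("198.51.100.1", "192.0.2.1"),    # configured peer -> router
    ("203.0.113.50", "192.0.2.1"),    # unrelated host -> router
    ("203.0.113.50", "192.0.2.200"),  # unrelated host -> customer (transit)
    ("203.0.113.77", "192.0.2.2"),    # unrelated host -> second router
]

if __name__ == "__main__":
    acl = build_acl(ROUTERS, PEERS)
    for src, dst in FLOWS:
        print(f"{src:>15} -> {dst:<15} {evaluate(acl, src, dst)}")
```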