Ha, it's amazing how fast people learn when they have to. Yesterday someone send us a traceroute: % traceroute -g 192.41.177.98 www.mci.net .... 6 core1-hssi3-0-gw.Washington.mci.net (204.70.1.222) 246 ms core5-hssi6-0-gw. Washington.mci.net (204.70.1.22) 19 ms 10.11.2.45 (10.11.2.45) 9 ms 7 mae-east-01.ix.ai.net (192.41.177.98) 175 ms 124 ms * 8 mae-east-plusplus.washington.mci.net (192.41.177.181) 557 ms 591 ms 9 core2-hssi2-0.Washington.mci.net (204.70.1.213) 643 ms core4-hssi1-0.Washin gton.mci.net (204.70.1.17) 614 ms core2-hssi2-0.Washington.mci.net (204.70.1.21 3) 499 ms .... But, when "traceroute -g" is dead, "ping-pong" trace is another friend: configure one ip static route you know they should not directly come to you, and trace on that, this is the trace after someone "reconfigured" their router last night: #sh ip route 204.70.101.101 Routing entry for 204.70.101.101/32 Known via "static", distance 1, metric 0 Routing Descriptor Blocks: * 192.41.177.98 Route metric is 0, traffic share count is 1 #trace 204.70.101.101 Type escape sequence to abort. Tracing the route to 204.70.101.101 1 mae-east-01.ix.ai.net (192.41.177.98) 16 msec 16 msec 16 msec 2 mae-east-plusplus.washington.mci.net (192.41.177.181) 16 msec 4 msec 4 msec 3 mae-east-01.ix.ai.net (192.41.177.98) 12 msec 4 msec 4 msec 4 mae-east-plusplus.washington.mci.net (192.41.177.181) 24 msec 24 msec 20 msec 5 mae-east-01.ix.ai.net (192.41.177.98) 36 msec 44 msec 36 msec 6 mae-east-plusplus.washington.mci.net (192.41.177.181) 36 msec 48 msec 44 msec 7 mae-east-01.ix.ai.net (192.41.177.98) 60 msec 64 msec 64 msec 8 mae-east-plusplus.washington.mci.net (192.41.177.181) 60 msec 68 msec 64 msec 9 mae-east-01.ix.ai.net (192.41.177.98) 64 msec 76 msec * 10 * mae-east-plusplus.washington.mci.net (192.41.177.181) 40 msec 36 msec 11 mae-east-01.ix.ai.net (192.41.177.98) 44 msec 44 msec 32 msec Please figure out a way to defeat this! Then of course you have netflow to tell you the source ip addresses of the traffic, you have the mean of packet filtering, rate-limit on mac addresses, null our their networks, etc... these are all Cxxxx related, don't know if Bxx and Axxxxx routers have similar features or not. definitely more fun than watch 2 hours 90210 special;-)
[In the message entitled "Re: not rewriting next-hop, pointing default, ..." on Sep 11, 15:23, Randy Bush writes:]
no neighbor 192.41.177.73 they should not care if you peer with them or not, they can have the upstream provider to give them your routes, then: ! set nexthop 192.41.177.121
Yes, folk seem to be doing this kind of thing, as shocking and disgusting a s it seems.
Hey, at least they know how to configure routers, now. Give them points for that, at least :-)
above.net$ traceroute -g 192.41.177.98 www.mci.net traceroute to www.mci.net (204.70.133.140): 1-30 hops, 78 byte packets 1 gate-96.sjc.above.net (207.126.96.161) 2.16 ms 3.92 ms 2.53 ms 2 mae-west-T3-2.above.net (207.126.96.238) 4.85 ms mae-west-T3-1.above.ne t ( 207.126.96.245) 4.77 ms mae-west-T3-2.above.net (207.126.96.238) 3.32 ms 3 mae-east-oc3.above.net (207.126.96.66) 74.0 ms 78.1 ms 122 ms 4 mae-east-01.ix.ai.net (192.41.177.98) 81.0 ms !S * 87.9 ms !S
-- Dave Rand dlr@bungi.com http://www.bungi.com
- Naiming Shen MCI - MCI Internet Engineering 2100 Reston Parkway - +1 703-715-7056 fax:703-715-7066 v272-7056 Reston, VA 20191