Hi Joe, On Thu, Jun 13, 2019 at 9:59 Joe Abley <jabley@hopcount.ca> wrote:
Hey Joe,
On 12 Jun 2019, at 12:37, Joe Provo <nanog-post@rsuc.gweep.net> wrote:
On Wed, Jun 12, 2019 at 04:10:00PM +0000, David Guo via NANOG wrote:
Send abuse complaint to the upstreams
...and then name & shame publicly. AS-path forgery "for TE" was never a good idea. Sharing the affected prefix[es]/path[s] would be good.
I realise lots of people dislike AS_PATH stuffing with other peoples' AS numbers and treat it as a form of hijacking.
However, there's an argument that AS_PATH is really just a loop-avoidance mechanism, not some kind of AS-granular traceroute for prefix propagation. In that sense, stuffing 9327 into a prefix as a mechanism to stop that prefix being accepted by AS 9327 seems almost reasonable. (I assume this is the kind of TE you are talking about.)
What is the principal harm of doing this? Honest question. I'm not advocating for anything, just curious.
Excellent question. 1/ We can’t really expect on the loop detection to work that way at the “jacked” side. So if this is innocent traffic engineering, it is unreliable at best. 2/ Attribution. The moment you stuff AS 2914 anywhere in the path, we may get blamed for anything that happens through the IP addresses for that route. In a way the ASNs in the AS_PATH attribute an an inter-organizational escalation flowchart. Kind regards, Job