get on the bandwaggon that filtering is a good thing ?? :) at some point some transit is going to listen and drop the announcement. Lets take an example. Deep Dark middle of asia, someone starts announcing a /24 of yours. Their upstream takes the packet, and so forth. At some point they will touch a NSP or ISP (international service provider) and you can get things dropped their. Your pushing out a /24 will help slurp some of the traffic towards you, but not all. Personally I have deagged some prefixes to cause a DOS/DDOS towards a particular address to route down a slow connection I had. Sacrifice one link, to keep customers running on the others. But thats different. Its about networking, the people kind, at this point. cheers john brown chagres technologies, inc On Mon, Aug 05, 2002 at 09:00:55PM -0400, Phil Rosenthal wrote:
But the question is, what do you do if it's coming from somewhere with a difficult to contact NOC, and their upstream is difficult to contact as well?
--Phil
-----Original Message----- From: John M. Brown [mailto:jmbrown@ihighway.net] Sent: Monday, August 05, 2002 8:12 PM To: Phil Rosenthal Cc: nanog@merit.edu Subject: Re: Deaggregating for emergency purposes
Hmm, this would be a "Bad Idea" (TM) (C) 2002, DMCA Protected
Having had this happen to me several different times, I'd have to recommend, calling the NOC of the advertising party. as the pref'd way of handling it.
On Mon, Aug 05, 2002 at 06:41:22PM -0400, Phil Rosenthal wrote:
I am currently announcing only my aggregate routes, but I have lately thought about the possibility of someone mistakenly, or maliciously, announcing more specifics from my space. The best solution for an emergency response to that (that I can think of), is registering all of the /24's that make up my network, so if someone should announce a more-specific, I can always announce the most specific that would be accepted (assuming they don't announce the /24's too, it should be a problem avoided)
Does anyone else have any other ideas on ways to quickly deal with someone else announcing your more specifics, since contacting their NOC is likely going to take a long time...
--Phil