+1

Announcing a prefix doesn't mean that the traffic to those IPs found within shall ever arrive.

On Tue, Sep 11, 2012 at 8:43 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Tue, Sep 11, 2012 at 11:16 PM, Naveen Nathan <naveen@lastninja.net> wrote:
Well, mostly I'm taking GoDaddy at their word that this was not a DoS attack.
I also believe it was related to BGP, and am happy to get more info. But we are discussing Anonymous vs. Self-inflicted wound here.
I'm skeptical; BGPlay (http://bgplay.routeviews.org/) doesn't show any withdrawn routes for any of their prefixes over Sep 9-11. In fact, their BGP operation looks fairly operational during the time from what I can gather.
a bgp error doesn't HAVE to mean that they withdrew (or even re-announced!) anything to the outside world, does it?
for instance:

border-router -> internet
  redistribute your aggregate networks from statics to Null0 on the border-router
  accept full routes so you can send them to the other borders and make good decisions at the external edge

border-router -> internal
  send default or some version of default via a filter to internal datacenter routers/aggregation/distribution devices.
  accept from them (maybe) local subnets that are part of your aggregates

now, accidentally remove the filter content for the sessions between the border and internal ... oops, your internal devices bounce with 'corrupted tables' (blown tables)... you still send your aggs steadily to the interwebs, wee!
-chris
--
Kyle Creyts
Information Assurance Professional
BSidesDetroit Organizer
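
A small model of the failure mode sketched in the thread, as an added example that is not part of any poster's message: the aggregates announced externally never change, while removing the border -> internal filter overflows the internal devices unless the policy fails closed or the receiver enforces a prefix limit. All prefixes, capacities and function names are constructed, and the "empty filter permits everything" behaviour is an assumption of the model.

```python
from ipaddress import ip_network

# All prefixes and sizes below are constructed for illustration.
AGGREGATES = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]
DEFAULT = ip_network("0.0.0.0/0")
# Stand-in for the full routes the border accepts from the internet.
FULL_TABLE = [ip_network(f"10.{i}.{j}.0/24") for i in range(4) for j in range(250)]
INTERNAL_CAPACITY = 100  # hypothetical route capacity of an internal device


def external_announcements():
    """Aggregates come from statics to Null0, so they do not depend on
    anything that happens on the border -> internal sessions."""
    return list(AGGREGATES)


def internal_export(rib, allow, fail_closed=False):
    """Filter what the border sends inward. allow=None models the filter
    content having been removed. Assumption: an empty filter permits
    everything unless the policy is written to fail closed."""
    if allow is None:
        return [] if fail_closed else list(rib)
    return [p for p in rib if p in allow]


def simulate(allow, fail_closed=False, max_prefix=None):
    """Return the external view and the resulting internal state."""
    sent = internal_export([DEFAULT] + FULL_TABLE, allow, fail_closed)
    if max_prefix is not None and len(sent) > max_prefix:
        state = "session-dropped"   # receiver's prefix limit tripped
    elif len(sent) > INTERNAL_CAPACITY:
        state = "table-overflow"    # the 'blown tables' case
    elif DEFAULT not in sent:
        state = "no-default"
    else:
        state = "ok"
    return {"external": external_announcements(),
            "sent_internal": len(sent), "internal": state}


if __name__ == "__main__":
    for label, kwargs in [("filter intact", {"allow": {DEFAULT}}),
                          ("filter removed", {"allow": None}),
                          ("removed + max-prefix", {"allow": None, "max_prefix": 10}),
                          ("removed + fail-closed", {"allow": None, "fail_closed": True})]:
        r = simulate(**kwargs)
        print(f"{label:22} external={len(r['external'])} "
              f"sent={r['sent_internal']:4} internal={r['internal']}")
```

In every case the external view is the same two aggregates, which is consistent with a route collector showing no withdrawals while the inside of the network is down.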