some friends and i were talking about recent routing cfs, and found we needed a clearer taxonomy. i throw this out. leak - i receive P and send it on to folk to whom i should not send it for business reasons (transit, peer, ...) mis-origination - i originate P when i do not own it hijack - an intentional mis-origination 7007 - i receive P (or some sub/superset), process it in some way (likely through my igp), and re-originate it, or part of it, as my own we need a name for 7007 other then vinnie randy
Randy Bush <randy@psg.com> wrote:
leak - i receive P and send it on to folk to whom i should not send it for business reasons (transit, peer, ...)
7007 - i receive P (or some sub/superset), process it in some way (likely through my igp), and re-originate it, or part of it, as my own
we need a name for 7007 other then vinnie
Laundered leak? Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ German Bight, Humber, Thames, Dover: West or northwest, backing southwest for a time, 6 to gale 8, increasing severe gale 9 at times, perhaps storm 10 later in German Bight and Humber. Rough or very rough, occasionally high later in German Bight and Humber. Rain at times. Good, occasionally poor.
On Wed, 18 Nov 2015, Randy Bush wrote:
7007 - i receive P (or some sub/superset), process it in some way (likely through my igp), and re-originate it, or part of it, as my own
we need a name for 7007 other then vinnie
Laundered leak?
how about re-origination?
might be misleading in case you don't re-originate P exactly but only "part of it". What about "origin scrubbing". Cheers matthias -- Matthias Waehlisch . Freie Universitaet Berlin, Inst. fuer Informatik, AG CST . Takustr. 9, D-14195 Berlin, Germany .. mailto:waehlisch@ieee.org .. http://www.inf.fu-berlin.de/~waehl :. Also: http://inet.cpt.haw-hamburg.de .. http://www.link-lab.net
On Wed, 18 Nov 2015 at 22:29 Randy Bush <randy@psg.com> wrote:
7007 - i receive P (or some sub/superset), process it in some way (likely through my igp), and re-originate it, or part of it, as my own
we need a name for 7007 other then vinnie
Laundered leak?
how about re-origination?
+1 Mis-distribution. or may be Mis-redistribution Leak, Mis-origination, Hijack.. they all have something in common i.e. #culprit but re-origination sounds pretty legitimate. -- Best Wishes, Aftab A. Siddiqui
I think Tony's on the right track here. I vote we call this "Route Laundering", the people who do it "Route Launderers", and the routes themselves "Laundered Routes". I actually had a little trouble spelling the different forms of laundering. So I looked them up.. ----"I can't believe what a bunch of nerds we are. We're looking up "money laundering" in a dictionary." Casey Russell Network Engineer Kansas Research and Education Network 2029 Becker Drive, Suite 282 Lawrence, KS 66047 (785)856-9820 ext 9809 crussell@kanren.net On Wed, Nov 18, 2015 at 4:40 AM, Tony Finch <dot@dotat.at> wrote:
Randy Bush <randy@psg.com> wrote:
leak - i receive P and send it on to folk to whom i should not send it for business reasons (transit, peer, ...)
7007 - i receive P (or some sub/superset), process it in some way (likely through my igp), and re-originate it, or part of it, as my own
we need a name for 7007 other then vinnie
Laundered leak?
Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ German Bight, Humber, Thames, Dover: West or northwest, backing southwest for a time, 6 to gale 8, increasing severe gale 9 at times, perhaps storm 10 later in German Bight and Humber. Rough or very rough, occasionally high later in German Bight and Humber. Rain at times. Good, occasionally poor.
Laundered route I like it. Or re-originated laundered route (it has more meaning but a bit too long) .as On Wed, 18 Nov 2015 at 09:33 Casey Russell <crussell@kanren.net> wrote:
I think Tony's on the right track here. I vote we call this "Route Laundering", the people who do it "Route Launderers", and the routes themselves "Laundered Routes".
I actually had a little trouble spelling the different forms of laundering. So I looked them up..
----"I can't believe what a bunch of nerds we are. We're looking up "money laundering" in a dictionary."
Casey Russell Network Engineer Kansas Research and Education Network
2029 Becker Drive, Suite 282
Lawrence, KS 66047 (785)856-9820 ext 9809 crussell@kanren.net
On Wed, Nov 18, 2015 at 4:40 AM, Tony Finch <dot@dotat.at> wrote:
Randy Bush <randy@psg.com> wrote:
leak - i receive P and send it on to folk to whom i should not send it for business reasons (transit, peer, ...)
7007 - i receive P (or some sub/superset), process it in some way (likely through my igp), and re-originate it, or part of it, as my own
we need a name for 7007 other then vinnie
Laundered leak?
Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ German Bight, Humber, Thames, Dover: West or northwest, backing southwest for a time, 6 to gale 8, increasing severe gale 9 at times, perhaps storm 10 later in German Bight and Humber. Rough or very rough, occasionally high later in German Bight and Humber. Rain at times. Good, occasionally poor.
Don't get on Kens bad side. -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Ken Matlock Sent: Thursday, November 19, 2015 12:44 PM To: Valdis.Kletnieks@vt.edu Cc: North American Network Operators' Group Subject: Re: bad announcement taxonomy Origin NAT? ;) Ken
On Nov 18, 2015, at 11:15 PM, Valdis.Kletnieks@vt.edu wrote:
On Wed, 18 Nov 2015 18:21:32 -0600, David Edelman said:
How about Origin Obfuscation
Obfuscation implies intent. Most leaks and mis-announcements don't have intent because they're whoopsies.
Did someone say NAT? https://www.youtube.com/watch?v=v26BAlfWBm8 - Jared
On Nov 19, 2015, at 4:03 PM, Baker, Byrn <Byrn.Baker@charter.com> wrote:
Don't get on Kens bad side.
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Ken Matlock Sent: Thursday, November 19, 2015 12:44 PM To: Valdis.Kletnieks@vt.edu Cc: North American Network Operators' Group Subject: Re: bad announcement taxonomy
Origin NAT? ;)
Ken
On Nov 18, 2015, at 11:15 PM, Valdis.Kletnieks@vt.edu wrote:
On Wed, 18 Nov 2015 18:21:32 -0600, David Edelman said:
How about Origin Obfuscation
Obfuscation implies intent. Most leaks and mis-announcements don't have intent because they're whoopsies.
On Friday, 20 November, 2015 14:05, "Jared Mauch" <jared@puck.nether.net> said:
Did someone say NAT?
Now *that's* how to make my Friday afternoon! You, sir, win the Internet for today. Regards, Tim.
On Nov 20, 2015, at 07:07 , tim@pelican.org wrote:
On Friday, 20 November, 2015 14:05, "Jared Mauch" <jared@puck.nether.net> said:
Did someone say NAT?
Now *that's* how to make my Friday afternoon! You, sir, win the Internet for today.
Regards, Tim.
You’re awarding him this? https://www.youtube.com/watch?v=iDbyYGrswtg <https://www.youtube.com/watch?v=iDbyYGrswtg> Owen
On Wed, Nov 18, 2015 at 10:15 PM, <Valdis.Kletnieks@vt.edu> wrote:
How about Origin Obfuscation
Obfuscation implies intent. Most leaks and mis-announcements don't have intent because they're whoopsies.
Well, if you take a route, change its origin as your own (or any other) and re-announce it (perhaps just a smaller prefix of it) I would assume some intent. Or they are super whoopsies. .as
On Thu, 19 Nov 2015 15:24:09 -0800, Arturo Servin said:
Well, if you take a route, change its origin as your own (or any other) and re-announce it (perhaps just a smaller prefix of it) I would assume some intent.
Or they are super whoopsies.
AS7007 was a whoopsie. And in fact, I'll go out on a limb and say that most, if not all, EGP->IGP->EGP re-injections are whoopsies. Because let's face it, if you had *intent*, you'd just start announcing it.
Well, if you take a route, change its origin as your own (or any other) and re-announce it (perhaps just a smaller prefix of it) I would assume some intent.
Or they are super whoopsies.
the original 7007, telkom malasia, ... were super whoopsies. the classic of redistributing bgp into igp and then igp back to bgp (unfiltered, no sugar or cream). the kind of stuff we warn about in class. randy
On Wed, Nov 18, 2015 at 5:06 AM, Randy Bush <randy@psg.com> wrote:
some friends and i were talking about recent routing cfs, and found we needed a clearer taxonomy. i throw this out.
leak - i receive P and send it on to folk to whom i should not send it for business reasons (transit, peer, ...)
mis-origination - i originate P when i do not own it
hijack - an intentional mis-origination
7007 - i receive P (or some sub/superset), process it in some way (likely through my igp), and re-originate it, or part of it, as my own
we need a name for 7007 other then vinnie
mis-origination. When you non-maliciously announce P as if you own it (even though you do not) the exact details of how you screwed the pooch are not externally important. And we have enough obscure names for things as it is. -Bill -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
On Wed, Nov 18, 2015 at 6:51 AM, William Herrin <bill@herrin.us> wrote:
On Wed, Nov 18, 2015 at 5:06 AM, Randy Bush <randy@psg.com> wrote:
some friends and i were talking about recent routing cfs, and found we needed a clearer taxonomy. i throw this out.
leak - i receive P and send it on to folk to whom i should not send it for business reasons (transit, peer, ...)
mis-origination - i originate P when i do not own it
hijack - an intentional mis-origination
7007 - i receive P (or some sub/superset), process it in some way (likely through my igp), and re-originate it, or part of it, as my own
we need a name for 7007 other then vinnie
mis-origination. When you non-maliciously announce P as if you own it (even though you do not) the exact details of how you screwed the pooch are not externally important. And we have enough obscure names for things as it is.
For that matter, just call it a hijack like it is. Don't legitimize originating a prefix you don't own by giving it an innocuous name. -Bill -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
Am 18.11.2015 um 13:08 schrieb William Herrin:
On Wed, Nov 18, 2015 at 6:51 AM, William Herrin <bill@herrin.us> wrote:
some friends and i were talking about recent routing cfs, and found we needed a clearer taxonomy. i throw this out.
leak - i receive P and send it on to folk to whom i should not send it for business reasons (transit, peer, ...)
mis-origination - i originate P when i do not own it
hijack - an intentional mis-origination
7007 - i receive P (or some sub/superset), process it in some way (likely through my igp), and re-originate it, or part of it, as my own
we need a name for 7007 other then vinnie mis-origination. When you non-maliciously announce P as if you own it (even though you do not) the exact details of how you screwed the
On Wed, Nov 18, 2015 at 5:06 AM, Randy Bush <randy@psg.com> wrote: pooch are not externally important. And we have enough obscure names for things as it is. For that matter, just call it a hijack like it is. Don't legitimize originating a prefix you don't own by giving it an innocuous name.
So probably it should be structured like this: _________ leak / hijack ----------------- mis-origination (which should be better described as: I originate P when I don't have the right to) \__________ origin scrubbing (I like that) It's a hijack (the result) in any case. If you want to differentiate between malice and stupidity/ignorance just call it "malicious hijack" opposed to "accidental hijack". And then list the cause (leak, mis-origination, origin scrubbing) Cheers, Mat
On Wed, Nov 18, 2015 at 8:50 AM, Mattia Rossi <mattia.rossi.mailinglists@gmail.com> wrote:
So probably it should be structured like this:
_________ leak / hijack ----------------- mis-origination (which should be better described as: I originate P when I don't have the right to) \__________ origin scrubbing (I like that)
It's a hijack (the result) in any case. If you want to differentiate between malice and stupidity/ignorance just call it "malicious hijack" opposed to "accidental hijack". And then list the cause (leak, mis-origination, origin scrubbing)
Hi Mat, I object to jargon on general principle. Excessive jargon makes technical disciplines needlessly inaccessible to folks who aren't steeped in the lore. Now and then there's a concept of such routine utility within the discipline that it's worth abbreviating into a word or short phrase. In that case, words that imply the concept are a good choice. Route Hijack is a good example of this. Creating jargon down in the weeds, though, that's a bad thing. Unwise. Something to be deliberately avoided. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
On Nov 18, 2015, at 9:45 AM, Roland Dobbins <rdobbins@arbor.net> wrote:
On 18 Nov 2015, at 21:40, William Herrin wrote:
Creating jargon down in the weeds, though, that's a bad thing.
'AS 7007' is jargon to those unaware of the history and context.
https://en.m.wikipedia.org/wiki/AS_7007_incident He can thank me later 😜 Stefan Fouant JNCIE-SEC, JNCIE-SP, JNCIE-ENT, JNCI m (703) 625-6243
Randy Bush wrote:
some friends and i were talking about recent routing cfs, and found we needed a clearer taxonomy. i throw this out.
leak - i receive P and send it on to folk to whom i should not send it for business reasons (transit, peer, ...)
mis-origination - i originate P when i do not own it
hijack - an intentional mis-origination
7007 - i receive P (or some sub/superset), process it in some way (likely through my igp), and re-originate it, or part of it, as my own
we need a name for 7007 other then vinnie So 7007 (laundering) might be (or not) a subset of a hijack which is a subset of mis-origination. What's the tree for a leak? I think a more structured approach is necessary if we are to delve on both technical definitions and intent.
--Aris
So 7007 (laundering) might be (or not) a subset of a hijack which is a subset of mis-origination. What's the tree for a leak? I think a more structured approach is necessary if we are to delve on both technical definitions and intent.
you can make it as complex as you want. and you're not even the worst i have been sent. but i won't play. i believe those terms are sufficient and can be combined. randy
participants (22)
-
Aftab Siddiqui -
Alejandro Acosta -
Aris Lambrianidis -
Arturo Servin -
Baker, Byrn -
Casey Russell -
David Edelman -
Jared Mauch -
Joe Abley -
Ken Matlock -
Matthias Waehlisch -
Mattia Rossi -
Nigel Titley -
Owen DeLong -
Randy Bush -
Roland Dobbins -
Stefan Fouant -
tim@pelican.org -
Todd Underwood -
Tony Finch -
Valdis.Kletnieks@vt.edu -
William Herrin