Re: Low-numbered ASes being hijacked? [Re: BGP Update Report]
----- Original Message -----
Do these people never check what exactly they end up originating outbound due to a config change, if that's really the case?
Of course not because their neighbors are allowing it to pass; so as with all hijacks, deaggregation, and other unfiltered noise, the only care is traffic going in and out. QA (let alone automated sanity checks) are alien concepts to many, and "well it works" is the answer from some when contacted.
That's sort of the BGP equivalent to BCP38 filtering, isn't it?
--- jason@rice.edu wrote: From: Jason Bothe <jason@rice.edu> I’m not new here but the thread caught my eye, as I am one of the lower ASs being mentioned. I guess there isn’t really anything one can do to prevent these things other than listening to route servers, etc. I guess it’s all on what the upstream decides to allow-in and re-advertise. ---------------------------------------------------------------- First, obviously, set BGP filters to allow only what you expect to send upstream. Then, look at what your routers are advertising to your upstreams using 'sho bgp advertised routes' type commands to make sure it's exactly what you're expecting to send. Last, look on route servers at various places around the internet to make sure everything is advertised to expectations . You can find a lot here: http://www.traceroute.org/#Route%20Servers Also, of course, all of this can be done on a regular basis using programs instead of being done manually. scott
participants (1)
-
Scott Weeks