RE: Using unallocated address space
On Tue, 13 February 2001, "Brett L. Hawn" wrote:
Here I go being silly again, but how about people take responsability for their own networks and filter properly at their borders? All this talk of how to enforce things is pretty meaningless when you have countless members of NANOG itself half-assing their own networks and complaining about other people's.
Because this is only half the answer. I always filtered my announcements, was careful to register all the address blocks I used, and was very responsible for my own network. It had no effect on someone else hijacking one of my addresses and announcing it through a large ISP's route tables. I was effectively cut off the network not because of anything I did, or could control. Worse there was little I could do to fix it. I had to wait three days for the large ISP (with whom I had no direct relationship) engineer's to decide it was worth their effort to stop the source of the false announcement. Unfortunately this is not a unique occurance. Cable&Wireless, Sprint, AT&T and UUNET have all had portions of their service knocked off the Internet for various periods of time due to bogus announcements. Until other ISPs fix their policies, I can knock your network off most of the Internet, and there is nothing you can do to prevent it.
On Tue, Feb 13, 2001 at 09:47:15PM -0800, Sean Donelan wrote:
Unfortunately this is not a unique occurance. Cable&Wireless, Sprint, AT&T and UUNET have all had portions of their service knocked off the Internet for various periods of time due to bogus announcements. Until other ISPs fix their policies, I can knock your network off most of the Internet, and there is nothing you can do to prevent it.
I hope this is a remote possibility, but what are the chances of someone malicious breaking into the "right" router and blackholing the worst possible networks? If this is done, how long till it can be remedied? -- http://www.internet.org.ph The Philippine Internet Resource Mobile Voice/Messaging: +63-917-810-9728
At 09:47 PM 2/13/2001 -0800, Sean Donelan wrote:
On Tue, 13 February 2001, "Brett L. Hawn" wrote:
Here I go being silly again, but how about people take responsability for their own networks and filter properly at their borders? All this talk of how to enforce things is pretty meaningless when you have countless members of NANOG itself half-assing their own networks and complaining about other people's.
Because this is only half the answer.
I always filtered my announcements, was careful to register all the address blocks I used, and was very responsible for my own network. It had no effect on someone else hijacking one of my addresses and announcing it through a large ISP's route tables.
I was effectively cut off the network not because of anything I did, or could control. Worse there was little I could do to fix it. I had to wait three days for the large ISP (with whom I had no direct relationship) engineer's to decide it was worth their effort to stop the source of the false announcement.
Unfortunately this is not a unique occurance. Cable&Wireless, Sprint, AT&T and UUNET have all had portions of their service knocked off the Internet for various periods of time due to bogus announcements. Until other ISPs fix their policies, I can knock your network off most of the Internet, and there is nothing you can do to prevent it.
Hehe. Sprint is the worst offender, but once in a good way. Once I sunk Cyberpromo to null0 and my filters were wrong and propagated. In this case, it took Sprint 3 days to deal, but it was a good 3 days. No spam. :) In the normal sense, I hate to say it, but...shit happens. I typcially use the "Emergency NOC" list that Sean created if I need something to be fixed. Is it really taking people days to get bogon announcements fixed? -M Regards, -- Martin Hannigan hannigan@fugawi.net Fugawi Networks Engineering Boston, MA http://www.fugawi.net Ph: 617.742.2693 Fax: 617.742.2300
participants (3)
-
Martin Hannigan
-
Miguel A.L. Paraz
-
Sean Donelan