illicit above.net announcements?
Anyone here who is on the Vienna/London/Amsterdam exchange(s) and who is seeing what is alleged here: above.net leaking and/or flapping routes that are not their own ? Is there a lookingglass at any of these exchanges that is publicly accessible? bye,Kai
Delivered-To: majordom-abusespamtools-out@xuxa.iecc.com Date: Fri, 2 Jun 2000 04:13:23 +1200 (NZST) From: Alan Brown <alan@manawatu.gen.nz> X-Sender: alanb@mailhost.manawatu.net.nz To: Kai Schlichting <kai@conti.nu> cc: spamtools@abuse.net Subject: Re: [spamtools] Re: spamtools-digest V2 #326 Sender: owner-spamtools@abuse.net Reply-To: spamtools@abuse.net
On Thu, 1 Jun 2000, Kai Schlichting wrote:
Hmm, please give me a list of the routes advertised as well as the peering points this was or is seen at.
Vienna Internet Exchange.
London Internet Exchange.
Amsterdam Internet Exchange.
Routes are 202.36.147/24, 202.36.148/24 and 202.50.71/24 ie superblocks of the same.
Any exchange that is more than a backroom operation in someone's closet has a policy prohibiting such unauthorized announcements. I will assume for now that these are route leaks that are escaping through above.net's BGP distribution filters: something that is entirely within the real of possibility, but which has to be stopped.
My suppliers refuse to stop advertising the /16s containing my netblocks into above.net - but claim to have set up /24 adverts into their other suppliers.
Unfortunately, those /24 adverts appear to be flapping. <sarcasm>I wonder who could be causing that and why they'd do it? </sarcasm>
AB
Anyone here who is on the Vienna/London/Amsterdam exchange(s) and who is seeing what is alleged here: above.net leaking and/or flapping routes that are not their own ?
Taking the first of the netblocks mentioned, I see it as a /16 over LINX from above.net: rt2-thdo#sh ip bgp 202.36.147.0 BGP routing table entry for 202.36.0.0/16, version 11913196 Paths: (5 available, best #1) Advertised to peer-groups: internal internalmcast 6461 4648 4648 4648, (aggregated by 4648 202.50.245.241) 195.66.224.76 from 195.66.224.76 (207.126.96.50) Origin IGP, metric 20, localpref 100, valid, external, atomic-aggregate, best Community: 2818:4050 6461 4648 4648 4648, (aggregated by 4648 202.50.245.241), (received-only) 195.66.224.76 from 195.66.224.76 (207.126.96.50) Origin IGP, metric 5320, localpref 100, valid, external, atomic-aggregate 6461 4648 4648 4648, (aggregated by 4648 202.50.245.241) 212.58.224.4 from 212.58.224.4 (212.58.224.4) Origin IGP, metric 20, localpref 100, valid, internal, atomic-aggregate Community: 2818:4050
Is there a lookingglass at any of these exchanges that is publicly accessible?
LINX has one: http://www.linx.net/cgi-bin/lg.pl?LINX-London Simon -- Simon Lockhart | Tel: +44 (0)1737 839676 Internet Engineering Manager | Fax: +44 (0)1737 839516 BBC Internet Services | Email: Simon.Lockhart@bbc.co.uk Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/
I'm not seeing the /16 announcment presently, and the /24 announcments I see primarily through BBN Planet, and appear stable at present. vienna2#sh ip bgp 202.36.147.0 BGP routing table entry for 202.36.147.0/24, version 22186188 Paths: (4 available, best #4) Advertised to non peer-group peers: 207.98.190.5 1 4648 9325, (received & used) 4.24.144.33 from 4.24.144.33 (4.24.0.27) Origin IGP, metric 9080, localpref 100, valid, external 1 4648 9325, (Received from a RR-client) 4.24.145.29 (metric 24) from 207.98.190.5 (216.172.70.1) Origin IGP, metric 6710, localpref 100, valid, internal Originator: 216.172.70.1, Cluster list: 216.172.70.8 6113 701 4648 9325 192.41.177.249 from 192.41.177.68 (206.80.180.76) Origin IGP, metric 860000, localpref 86, valid, external 1 4648 9325 4.24.145.29 (metric 24) from 216.172.70.1 (216.172.70.1) Origin IGP, metric 6710, localpref 100, valid, internal, best vienna2# ========================== Alexander Kiwerski Senior Network Engineer Winstar Network Operations - West Desk: 206-574-3121 Fax: 206-574-3055 -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Simon Lockhart Sent: Thursday, June 01, 2000 9:17 AM To: Kai Schlichting Cc: nanog@merit.edu Subject: Re: illicit above.net announcements?
Anyone here who is on the Vienna/London/Amsterdam exchange(s) and who is seeing what is alleged here: above.net leaking and/or flapping routes that are not their own ?
Taking the first of the netblocks mentioned, I see it as a /16 over LINX from above.net: rt2-thdo#sh ip bgp 202.36.147.0 BGP routing table entry for 202.36.0.0/16, version 11913196 Paths: (5 available, best #1) Advertised to peer-groups: internal internalmcast 6461 4648 4648 4648, (aggregated by 4648 202.50.245.241) 195.66.224.76 from 195.66.224.76 (207.126.96.50) Origin IGP, metric 20, localpref 100, valid, external, atomic-aggregate, best Community: 2818:4050 6461 4648 4648 4648, (aggregated by 4648 202.50.245.241), (received-only) 195.66.224.76 from 195.66.224.76 (207.126.96.50) Origin IGP, metric 5320, localpref 100, valid, external, atomic-aggregate 6461 4648 4648 4648, (aggregated by 4648 202.50.245.241) 212.58.224.4 from 212.58.224.4 (212.58.224.4) Origin IGP, metric 20, localpref 100, valid, internal, atomic-aggregate Community: 2818:4050
Is there a lookingglass at any of these exchanges that is publicly accessible?
LINX has one: http://www.linx.net/cgi-bin/lg.pl?LINX-London Simon -- Simon Lockhart | Tel: +44 (0)1737 839676 Internet Engineering Manager | Fax: +44 (0)1737 839516 BBC Internet Services | Email: Simon.Lockhart@bbc.co.uk Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/
participants (3)
-
Alexander Kiwerski -
Kai Schlichting -
Simon Lockhart