Someone seems to have leaked this out, with the following data within the bgp update: Unknown BGP attribute 92 (flags: 234) Hexdump start--- DD 78 FF 71 Hexdump end ---- Not sure what prefix this was related to yet, but if you saw your BGP drop, it could be related to improper handling of this. Seemed to go out around 2200 UTC - Jared
Getting back to networks... Saw our two BGP listening ports drop (Verizon and Qwest) at 2150UTC. Nortel SR1004. Isn't that nice. On 12/16/2010 04:57 PM, Jared Mauch wrote:
Someone seems to have leaked this out, with the following data within the bgp update:
Unknown BGP attribute 92 (flags: 234) Hexdump start--- DD 78 FF 71 Hexdump end ----
Not sure what prefix this was related to yet, but if you saw your BGP drop, it could be related to improper handling of this.
Seemed to go out around 2200 UTC
- Jared
On 12/16/2010 5:57 PM, Jared Mauch wrote:
Someone seems to have leaked this out, with the following data within the bgp update:
Unknown BGP attribute 92 (flags: 234) Hexdump start--- DD 78 FF 71 Hexdump end ----
This appeared to bite my Level3-connected bandwidth as well. Time period was about 2151 UTC with things being restored at 2207 UTC. Do typical BGP sessions end up being reconnected after 15 minutes? Cordially Patrick
On 12/16/2010 10:41 PM, Randy Bush wrote:
Unknown BGP attribute 92 (flags: 234) Hexdump start--- DD 78 FF 71 Hexdump end ---- This appeared to bite my Level3-connected bandwidth as well.
sigh. is this an attack by a black hat, or by an rir and researchers who do not know how to say "oops, sorreee!?"
randy
Even weirder, a remote server running SmokePing showed a 11ms increase in latency from 24ms to 35ms, which started after service was restored, then a drop at precisely 11:00PM Eastern back to original, lower levels of latency. That is, 4:45PM 24ms on Level3 4:50PM to 5:07PM - Level3 outage 5:08PM to 10:59: 35ms on Level3 11:00PM and after: 24ms on Level3 Very odd. --Patrick
At 12:41 17/12/2010 +0900, Randy Bush wrote:
Unknown BGP attribute 92 (flags: 234) Hexdump start--- DD 78 FF 71 Hexdump end ---- This appeared to bite my Level3-connected bandwidth as well.
sigh. is this an attack by a black hat, or by an rir and researchers who do not know how to say "oops, sorreee!?"
Or who do not know how to warn us in advance: http://www.merit.edu/mail.archives/nanog/2009-01/msg00306.html http://www.merit.edu/mail.archives/nanog/2009-01/msg00320.html http://www.merit.edu/mail.archives/nanog/2009-01/msg00334.html -Hank
sigh. is this an attack by a black hat, or by an rir and researchers who do not know how to say "oops, sorreee!?" Or who do not know how to warn us in advance:
i really enjoy that that experiment pissed you off big-time. like you have the technical incompetence to think it was at all dangerous or a problem. if i took it personally, as you seem to, i would remove my zones from being secondaried on rip.psg.com. and i might do something about the many year storm of recursive dns requests to rip.psg.com (which does not recurse) from your friends. after all, who would want to [ab]use the services of someone you like to excoriate for doing no harm? what bullshit! randy
participants (5)
-
Hank Nussbacher
-
Jared Mauch
-
Patrick Giagnocavo
-
Randy Bush
-
Rhys Rhaven