Bogus route announcements
This seems more appropriate here than on NAIPR. I took the liberty of removing the discussion that led up to it and leaving only Karl's words. This seems to tie in to the layer 2 filtering discussion here.

---------- Forwarded message ----------
Date: Fri, 31 Jan 1997 20:09:59 +73800 (CST)
From: Karl Denninger <karl@Mcs.Net>
To: Michael Dillon <michael@MEMRA.COM>
Cc: naipr@lists.internic.net
Subject: Re: Implied warranty of routability? Was: Re: US CODE: Title 15, ...

[some discussion of bogus TLDs and bogus routes deleted]

Balderdash.

Just the other day 0.0.0.0/0 (yes, DEFAULT) was being propagated by a LARGE NUMBER of national providers -- from a rogue (and unintentional) announcement that came out of a particular firm in Virginia.

This went on for well over SIX HOURS before it was stopped. It was transiting a large number of NATIONAL network providers' core hardware, and disrupting connectivity to a fair number of people, some of whom were completely clueless as to the cause.

We found it because we run defaultless and ANY instance of default appearing in announcements or anywhere on our core is an instant five-alarm fire.

When we finally called the guilty party (after informing peers and upstream links hours before with no effect), they had not heard ANYTHING about it as of yet, and the announcement was ALREADY a few hours old in our tables at that point.

Filtered out quickly my tailfeathers. 99% of the companies out there don't filter ANYTHING at that kind of level. Try to maintain the filters on CISCO hardware to actually verify and prevent any rogue announcements -- good luck. You just can't do an EFFECTIVE job of this; the coordination you NEED to do so is completely non-existent between firms to make it possible, especially in the "swamp".

Now you can get routes from only a route server, yes, and that does help. Quite a bit. But basically all providers of any significance have exchange point(s) where the RADB isn't used.

If the address isn't something that someone else is using, and is of sufficient prefix size (in 206 and above) I bet it wouldn't be noticed for months -- if ever -- until someone tried to get a so-called "official" allocation of the same number and said "what the hell??" when they found it already in the tables.

I bet I could announce a random "reserved" prefix and nobody would catch it for at least 30 days -- during which time it would work perfectly, and globally.

Yes, doing that kind of thing would be highly antisocial. But don't think for an instant that anyone actually watches constructively for this kind of chicanery on the net. That would be a false assumption, as I think the little episode of the other day proves rather conclusively.

--
--
Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
                             | 99 Analog numbers, 77 ISDN, Web servers $75/mo
Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/
Fax:   [+1 312 248-9865]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
participants (1)
- Michael Dillon
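The check described in the forwarded message (a defaultless network treating any appearance of 0.0.0.0/0 as an alarm), extended here to reserved blocks and malformed prefixes, as an added example that is not part of the original message. The one-announcement-per-line input format, the peer addresses, the AS numbers and the short reserved list are constructed assumptions.

```python
import ipaddress

# Assumption: a short illustrative list of special-purpose IPv4 blocks;
# production filters would load a maintained bogon list instead.
RESERVED = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed sample: "<peer> <prefix> <AS path...>" using documentation
# addresses and AS numbers; not taken from any real routing table.
SAMPLE = """\
192.0.2.1 198.51.100.0/24 64496 64500
192.0.2.1 0.0.0.0/0 64496 64501
192.0.2.2 10.20.0.0/16 64497
192.0.2.2 203.0.113.0/24 64497 64502
192.0.2.3 240.1.0.0/16 64498
192.0.2.3 203.0.113.1/24 64498
"""

def classify(prefix):
    """Return 'default', 'reserved', 'invalid', or None if unremarkable."""
    try:
        net = ipaddress.IPv4Network(prefix)  # strict: host bits must be zero
    except ValueError:
        return "invalid"
    if net.prefixlen == 0:
        return "default"
    if any(net.overlaps(block) for block in RESERVED):
        return "reserved"
    return None

def scan(lines):
    """Return (severity, reason, peer, prefix, as_path) for each bad line."""
    alerts = []
    for line in lines:
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank, comment, or too short to carry a prefix
        peer, prefix, path = fields[0], fields[1], " ".join(fields[2:])
        reason = classify(prefix)
        if reason:
            # A defaultless network treats any default as the top alarm.
            severity = "CRITICAL" if reason == "default" else "WARN"
            alerts.append((severity, reason, peer, prefix, path))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE.splitlines()):
        print(*alert)
```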