At the Moment AS4000 / AS8584 is announcing the whole internet :-( For programming the cuise-missiles or SS20's - here is the data : aut-num: AS8584 descr: Barak AS as-in: from AS4000 10 accept ANY as-in: from AS5585 100 accept ANY as-out: to AS4000 announce AS8584 as-out: to AS5585 announce AS8584 default: AS4000 10 admin-c: AS261-RIPE tech-c: AS261-RIPE mnt-by: AS8584-MNT changed: ashor@barakitc.co.il 971126 source: RIPE person: Amir Shor address: Barak I.T.C. address: 15 Ha-Melacaha St. address: Rosh Ha-Ayin 48091, Israel phone: +972 3 9001082 fax-no: +972 3 9001090 e-mail: ashor@barakitc.co.il nic-hdl: AS261-RIPE changed: ashor@barakitc.co.il 971112 source: RIPE Ciao Bernhard -- Bernhard Kroenung, Bahnhofstr 8, 36157 Ebersburg/Rhoen, Germany +49 6656 910101 @work : bernhard@kroenung.de Work: +49 661 9011777 @home : horke@Rhoen.De @school : Bernhard.Kroenung@Informatik.FH-Fulda.De
It is such accidents that reinforce the notion of per-prefix filtering. Of course if one changes one's IRR/RIPE DB/RADB entries to deliberately announce the world there could still be a problem with auto-generated accept policy. The solution to *that* is quality assurance of the database, an ongoing issue in RIPE DB WG at least. Even then how does one prevent someone coding 'ANY' for their announce policy when they should not? In the old NFSNET days human inspection of IRR entries assured quality but that's not practical anymore at a central registry. sure, one has accept policy but other than excluding RFC1918 and your own address space and default you have no practical choice but to reference the other guy's aut-num object and the associated routes. Dana Hudes Graphnet Bernhard Kroenung wrote:
At the Moment AS4000 / AS8584 is announcing the whole internet :-(
For programming the cuise-missiles or SS20's - here is the data :
aut-num: AS8584 descr: Barak AS as-in: from AS4000 10 accept ANY as-in: from AS5585 100 accept ANY as-out: to AS4000 announce AS8584 as-out: to AS5585 announce AS8584 default: AS4000 10 admin-c: AS261-RIPE tech-c: AS261-RIPE mnt-by: AS8584-MNT changed: ashor@barakitc.co.il 971126 source: RIPE
person: Amir Shor address: Barak I.T.C. address: 15 Ha-Melacaha St. address: Rosh Ha-Ayin 48091, Israel phone: +972 3 9001082 fax-no: +972 3 9001090 e-mail: ashor@barakitc.co.il nic-hdl: AS261-RIPE changed: ashor@barakitc.co.il 971112 source: RIPE
Ciao Bernhard -- Bernhard Kroenung, Bahnhofstr 8, 36157 Ebersburg/Rhoen, Germany +49 6656 910101 @work : bernhard@kroenung.de Work: +49 661 9011777 @home : horke@Rhoen.De @school : Bernhard.Kroenung@Informatik.FH-Fulda.De
Seems like... http://www.academ.com/nanog/feb1998/origin.html ...is long overdue. Phil At 02:53 PM 4/7/98 -0400, Mr. Dana Hudes wrote:
It is such accidents that reinforce the notion of per-prefix filtering. Of course if one changes one's IRR/RIPE DB/RADB entries to deliberately announce the world there could still be a problem with auto-generated accept policy. The solution to *that* is quality assurance of the database, an ongoing issue in RIPE DB WG at least.
Even then how does one prevent someone coding 'ANY' for their announce policy when they should not? In the old NFSNET days human inspection of IRR entries assured quality but that's not practical anymore at a central registry.
sure, one has accept policy but other than excluding RFC1918 and your own address space and default you have no practical choice but to reference the other guy's aut-num object and the associated routes.
Dana Hudes Graphnet
Bernhard Kroenung wrote:
At the Moment AS4000 / AS8584 is announcing the whole internet :-(
For programming the cuise-missiles or SS20's - here is the data :
aut-num: AS8584 descr: Barak AS as-in: from AS4000 10 accept ANY as-in: from AS5585 100 accept ANY as-out: to AS4000 announce AS8584 as-out: to AS5585 announce AS8584 default: AS4000 10 admin-c: AS261-RIPE tech-c: AS261-RIPE mnt-by: AS8584-MNT changed: ashor@barakitc.co.il 971126 source: RIPE
person: Amir Shor address: Barak I.T.C. address: 15 Ha-Melacaha St. address: Rosh Ha-Ayin 48091, Israel phone: +972 3 9001082 fax-no: +972 3 9001090 e-mail: ashor@barakitc.co.il nic-hdl: AS261-RIPE changed: ashor@barakitc.co.il 971112 source: RIPE
Ciao Bernhard -- Bernhard Kroenung, Bahnhofstr 8, 36157 Ebersburg/Rhoen, Germany +49 6656
910101
@work : bernhard@kroenung.de Work: +49 661 9011777 @home : horke@Rhoen.De @school : Bernhard.Kroenung@Informatik.FH-Fulda.De
______________________________________________________________ Philip Bridge ++41 31 688 8262 bridge@ip-plus.net www.ip-plus.ch PGP: DE78 06B7 ACDB CB56 CE88 6165 A73F B703
Or maybe, use a route server! -abha ;) On Wed, 8 Apr 1998, philip bridge wrote:
Seems like...
http://www.academ.com/nanog/feb1998/origin.html
...is long overdue.
Phil
At 02:53 PM 4/7/98 -0400, Mr. Dana Hudes wrote:
It is such accidents that reinforce the notion of per-prefix filtering. Of course if one changes one's IRR/RIPE DB/RADB entries to deliberately announce the world there could still be a problem with auto-generated accept policy. The solution to *that* is quality assurance of the database, an ongoing issue in RIPE DB WG at least.
Even then how does one prevent someone coding 'ANY' for their announce policy when they should not? In the old NFSNET days human inspection of IRR entries assured quality but that's not practical anymore at a central registry.
sure, one has accept policy but other than excluding RFC1918 and your own address space and default you have no practical choice but to reference the other guy's aut-num object and the associated routes.
Dana Hudes Graphnet
Bernhard Kroenung wrote:
At the Moment AS4000 / AS8584 is announcing the whole internet :-(
For programming the cuise-missiles or SS20's - here is the data :
aut-num: AS8584 descr: Barak AS as-in: from AS4000 10 accept ANY as-in: from AS5585 100 accept ANY as-out: to AS4000 announce AS8584 as-out: to AS5585 announce AS8584 default: AS4000 10 admin-c: AS261-RIPE tech-c: AS261-RIPE mnt-by: AS8584-MNT changed: ashor@barakitc.co.il 971126 source: RIPE
person: Amir Shor address: Barak I.T.C. address: 15 Ha-Melacaha St. address: Rosh Ha-Ayin 48091, Israel phone: +972 3 9001082 fax-no: +972 3 9001090 e-mail: ashor@barakitc.co.il nic-hdl: AS261-RIPE changed: ashor@barakitc.co.il 971112 source: RIPE
Ciao Bernhard -- Bernhard Kroenung, Bahnhofstr 8, 36157 Ebersburg/Rhoen, Germany +49 6656
910101
@work : bernhard@kroenung.de Work: +49 661 9011777 @home : horke@Rhoen.De @school : Bernhard.Kroenung@Informatik.FH-Fulda.De
______________________________________________________________ Philip Bridge ++41 31 688 8262 bridge@ip-plus.net www.ip-plus.ch PGP: DE78 06B7 ACDB CB56 CE88 6165 A73F B703
__________________________________________________________________________ -------------------------------------------------------------------------- abha ahuja ahuja@merit.edu Merit Network, Inc. 734.764.0294
That is rediculous. Sounds like better filtering is needed. On Wed, 8 Apr 1998, philip bridge wrote:
Seems like...
http://www.academ.com/nanog/feb1998/origin.html
...is long overdue.
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP! We have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
On a dark and stormy night, Al Reuben said:
That is rediculous. Sounds like better filtering is needed.
Correct. If everyone filtered their connections, this would be a lot better. You can't filter your peers (easily in a way that it can scale well), but if you filter customer connections on a per-prefix basis, (and/or by as-path), you can reduce this type of nastyness. Customers should not be trusted, and peers should be looked upon with a great deal of concern, because they can send you anything pretty much. route-servers are a bit more scalable, but because most people don't keep their RR objects in place, it makes it a bit tougher to use those tools, not counting other things. Most folks end up creating their own. - Jared
On Wed, 8 Apr 1998, philip bridge wrote:
Seems like...
http://www.academ.com/nanog/feb1998/origin.html
...is long overdue.
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP! We have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- Work: jared@qual.net - We Make The Internet Work for Your Business 9-5pm(ET) 800 637 4424x2634 - 24x7 NOC - 800 424 3223 pgp key available via finger from jared@puck.nether.net
participants (6)
-
Abha Ahuja -
Al Reuben -
horke@mail.regio.net -
Jared Mauch -
Mr. Dana Hudes -
philip bridge