[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Low-numbered ASes being hijacked? [Re: BGP Update Report]
- Subject: Low-numbered ASes being hijacked? [Re: BGP Update Report]
- From: surfer at mauigateway.com (Scott Weeks)
- Date: Sun, 30 Nov 2014 14:19:06 -0800
> ----- Original Message -----
>>> Do these people never check what exactly they end up originating
>>> outbound due to a config change, if that's really the case?
>>
>> Of course not because their neighbors are allowing it to
>> pass; so as with all hijacks, deaggregation, and other
>> unfiltered noise, the only care is traffic going in and
>> out. QA (let alone automated sanity checks) are alien
>> concepts to many, and "well it works" is the answer from
>> some when contacted.
>
> That's sort of the BGP equivalent to BCP38 filtering, isn't it?
--- jason at rice.edu wrote:
From: Jason Bothe <jason at rice.edu>
Iâ??m not new here but the thread caught my eye, as I am one of
the lower ASs being mentioned. I guess there isnâ??t really
anything one can do to prevent these things other than listening
to route servers, etc. I guess itâ??s all on what the upstream
decides to allow-in and re-advertise.
----------------------------------------------------------------
First, obviously, set BGP filters to allow only what you expect
to send upstream.
Then, look at what your routers are advertising to your upstreams
using 'sho bgp advertised routes' type commands to make sure it's
exactly what you're expecting to send.
Last, look on route servers at various places around the internet
to make sure everything is advertised to expectations . You can
find a lot here: http://www.traceroute.org/#Route%20Servers
Also, of course, all of this can be done on a regular basis using
programs instead of being done manually.
scott