Has PSI been assigned network 1?

Pretty bad, we a single DOS machine can hose Internet routing tables
all across the globe.
Name: system.sysDescr.0
OCTET STRING- (ascii): 80486 DOS 6.20.Windows 3.10 Enhanced Mode.NetManage SNMP 4.256

Didn't hose our routing. We consider this a matter of routing hygene.
If your going to do full routing you've got to be protected or be very
sure about who you are peering with. :slight_smile:

Well, if you are peering with PSI, or anyone else that trusts the
Ascend's RIP packets, then you are trusting any end user that
calls up their terminal server.

Someone pointed out to me in private email that at least Telebit has
addressed the problem of PPP negotiated IPs.

I would think that, just because someone has invested in bad hardware
doesn't excuse the rest of the net from suffering as a result.

It wouldn't take much effort to select a major DNS machine
say, ns.psi.net or mabye a root name server, or better yet
a router at MAE-East, to seriously hose large sections of the net.

Fortunately this doesn't have any operational impact. There have been
incidents in the past where major legitimate destinations were
accidentally announced by small sites hosing a good portion of the
global Internet for hours at a time. Particularly memorable was a 3
continent routing loop involving a bogus route to 140.222 that took
nearly half a day for some providers to fix and affected most traffic
from some of the providers affected. These get noticed.

Again- A goal of the PRS WG is to make it possible to quite painlessly
isolate such problems, at least localizing the problem. Another goals
in to make it easier to determine when aggregation (or proxy
aggregation) can be preformed without detrimental effects on routing.
Based on some earlier mail, this might have some immediate application
as well.


Is there more info on the PRS WG's efforts available somewhere?

A more difficult problem is where a small site is being incorrectly
announced, and this can be a major security issue. If someone were
to exploit this problem, they could signficantly impact the whole net.
And with source routing they could theortically re-route specific
IP data streams, without completely interrupting service.

This could have a much large impact than even packet sniffers have had
in the past.

These problems with regards to route filtering at source and destination
become even more critical as more people realize the
true nature of these problems there will come along some people
that will exploit these holes.