RE: Using unallocated address space

Sean_Donelan · February 14, 2001, 5:47am

Because this is only half the answer.

I always filtered my announcements, was careful to register all the
address blocks I used, and was very responsible for my own network.
It had no effect on someone else hijacking one of my addresses and
announcing it through a large ISP's route tables.

I was effectively cut off the network not because of anything I did, or
could control. Worse there was little I could do to fix it. I had to
wait three days for the large ISP (with whom I had no direct relationship)
engineer's to decide it was worth their effort to stop the source
of the false announcement.

Unfortunately this is not a unique occurance. Cable&Wireless, Sprint,
AT&T and UUNET have all had portions of their service knocked off the
Internet for various periods of time due to bogus announcements. Until
other ISPs fix their policies, I can knock your network off most of the
Internet, and there is nothing you can do to prevent it.

Miguel_A.L_Paraz · February 14, 2001, 1:55pm

I hope this is a remote possibility, but what are the chances of someone
malicious breaking into the "right" router and blackholing the worst possible
networks? If this is done, how long till it can be remedied?

Martin_Hannigan · February 14, 2001, 2:19pm

Hehe. Sprint is the worst offender, but once in a good way. Once I sunk Cyberpromo
to null0 and my filters were wrong and propagated. In this case, it took Sprint
3 days to deal, but it was a good 3 days. No spam.

In the normal sense, I hate to say it, but...shit happens. I typcially use the "Emergency
NOC" list that Sean created if I need something to be fixed.

Is it really taking people days to get bogon announcements fixed?

-M

Regards,