+1 Announcing a prefix doesn't mean that the traffic to those IPs found within shall ever arrive.

On Tue, Sep 11, 2012 at 8:43 PM, Christopher Morrow <morrowc.li...@gmail.com> wrote:
> On Tue, Sep 11, 2012 at 11:16 PM, Naveen Nathan <nav...@lastninja.net> wrote:
>>> Well, mostly I'm taking GoDaddy at their word that this was not a DoS
>>> attack.
>>>
>>> I also believe it was related to BGP, and am happy to get more info. But
>>> we are discussing Anonymous vs. Self-inflicted wound here.
>>
>> I'm skeptical, BGPlay (http://bgplay.routeviews.org/) doesn't show any
>> withdrawn routes for any of their prefixes over Sep 9-11. In fact, their BGP
>> operation looks fairly operational during the time from what I can gather.
>
> a bgp error doesn't HAVE to mean that they withdrew (or even
> re-announced!) anything to the outside world, does it?
>
> for instance:
>   border-router -> internet
>     redistribute your aggregate networks from statics to Null0 on the
>     border-router
>     accept full routes so you can send them to the other borders and
>     make good decisions at the external edge
>
>   border-router -> internal
>     send default or some version of default via a filter to internal
>     datacenter routers/aggregation/distribution devices.
>     accept from them (maybe) local subnets that are part of your aggregates
>
> now, accidentally remove the filter content for the sessions between the
> border and internal ... oops, your internal devices bounce with
> 'corrupted tables' (blown tables)... you still send your aggs steadily
> to the interwebs, wee!
>
> -chris
>

--
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer
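
The scenario sketched in the quoted message, modeled as an added example that is not part of the thread. The prefixes, table size and device capacity are constructed, and treating an emptied filter as permit-all is an assumption about the platform.

```python
import ipaddress
from itertools import islice

# All values below are constructed for illustration.
AGGREGATES = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "203.0.113.0/24")]
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
FULL_TABLE = list(islice(ipaddress.ip_network("10.0.0.0/8").subnets(new_prefix=24), 5000))
INTERNAL_CAPACITY = 1000  # routes an internal device can hold (assumed)


def apply_filter(routes, permit):
    """Outbound filter. Assumption: an emptied filter permits everything."""
    if not permit:
        return list(routes)
    return [r for r in routes if r in permit]


def simulate(internal_permit):
    border_rib = [DEFAULT] + FULL_TABLE + AGGREGATES
    # border-router -> internet: only the aggregates (statics to Null0),
    # independent of whatever the internal session's filter contains.
    external = apply_filter(border_rib, set(AGGREGATES))
    # border-router -> internal: default only, when the filter is intact.
    sent_internal = apply_filter(border_rib, internal_permit)
    overflow = len(sent_internal) > INTERNAL_CAPACITY
    return {
        "external": external,
        "internal_routes": len(sent_internal),
        "internal_state": "table overflow" if overflow else "ok",
    }


def externally_visible_change(before, after):
    """What an outside route collector could observe between two states."""
    a, b = set(before["external"]), set(after["external"])
    return {"withdrawn": a - b, "announced": b - a}


if __name__ == "__main__":
    healthy = simulate({DEFAULT})   # filter intact: default route only
    broken = simulate(set())        # filter content removed
    print(healthy["internal_routes"], healthy["internal_state"])
    print(broken["internal_routes"], broken["internal_state"])
    print(externally_visible_change(healthy, broken))
```

In this model the internal session goes from 1 route to the full table and overflows, while the set of externally announced prefixes is identical before and after, so a route collector records no withdrawal.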