(Arrive at the intended destination, that is) On Tue, Sep 11, 2012 at 9:18 PM, Kyle Creyts <kyle.cre...@gmail.com> wrote: > +1 > > Announcing a prefix doesn't mean that the traffic to those IPs found > within shall ever arrive. > > On Tue, Sep 11, 2012 at 8:43 PM, Christopher Morrow > <morrowc.li...@gmail.com> wrote: >> On Tue, Sep 11, 2012 at 11:16 PM, Naveen Nathan <nav...@lastninja.net> wrote: >>>> Well, mostly I'm taking GoDaddy at their word that this was not a DoS >>>> attack. >>>> >>>> I also believe it was related to BGP, and am happy to get more info. But >>>> we are discussing Anonymous vs. Self-inflicted wound here. >>> >>> I'm skeptical, BGPlay (http://bgplay.routeviews.org/) doesn't show any >>> withdrawn routes for any of their prefixes over Sep 9-11. Infact, their BGP >>> operation looks fairly operational during the time from what I can gather. >> >> a bgp error doesn't HAVE to mean that they withdrew (or even >> re-announced!) anything to the outside world, does it? >> >> for instance: >> border-router -> internet >> redistribute your aggregate networks from statics to Null0 on the >> border-router >> accept full routes so you can send them to the other borders and >> make good decisions at the external edge >> >> border-router -> internal >> send default or some version of default via a fitler to internal >> datacenter routers/aggregation/distribution devices. >> accept from them (maybe) local subnets that are part of your aggregates >> >> now, accidently remove the filter content for the sessions between the >> border and internal ... oops, your internal devices bounce with >> 'corrupted tables' (blown tables)... you still send your aggs steadily >> to the interwebs, wee! >> >> -chris >> > > > > -- > Kyle Creyts > > Information Assurance Professional > BSidesDetroit Organizer
-- Kyle Creyts Information Assurance Professional BSidesDetroit Organizer
