Re: BGP more specific prefixes

2008-08-30 Thread Sergio
Raymond:

Thanks a lot for your comments, but... nobody can be sure that their complete 
prefix is routed OK to him (the "owner" AS).
Right?

Do you see this as normal behavior?

What do you think is the best way to protect against this?
Do you think that our upstreams can help us?

Best regards

On Saturday 30 August 2008 10:32:08 Raymond Dijkxhoorn wrote:
> Hi!
>
> > Some days ago, a BGP issue was announced about "IP hijacking".
> > OK, we understand that this is something "new" because the traffic is also
> > sent back to the "real owner" of the block.
>
> Traffic will walk the shortest path, so you can never tell it's the 'real'
> owner that will receive this traffic.
>
> > What kind of security can we have (and all internet providers) about that
> > there is nobody announcing a subset of their prefix or a subset of their
> > customer prefixes (i.e. x.y.0.0/24) disturbing the "normal" traffic flow?
> > Of course, we know about prefix monitoring tools (from RIPE and others)
> > but... is it the best solution?
> >
> > Or simply anyone can announce the /24 prefix that he wants, "capturing"
> > that /24 prefix (of course if the "normal" prefix is smaller than that
> > (i.e. /16))?
> > In other words... can anybody "capture" the /24 prefix that he wants?
>
> If I start announcing your /24, and my upstreams don't do proper filtering,
> I steal your prefix, easy as that. As little this may be, my most direct
> peerings will accept the routes and off you go.
>
> And prefix filtering is within some providers not even per customer, we
> personally had for example issues with a big carrier, something with a 3
> inside their name, who only had a large prefix filter with *ALL* their
> customers, so if another customer of that same 3 would announce our
> prefixes, it would be ok for them, and that happened. So we were
> blackholed, since that other customer had many peerings with '3' on
> various locations.
>
> So even with 'some' filtering in place bad things can and will happen.
>
> > The question is very simple. It is very very difficult for me to believe
> > that anybody can "shutdown" the /24 network that he wants in the world.
> > Am I right?
>
> No? It's dead simple in fact. Totally shut down, no, since you most likely
> have direct peers who have a shorter path.
>
> > Or may be that simply internet works like this and the providers are very
> > careful about what accepts from their customers and what announces to
> > other providers?
>
> Ghe ... you think route leaking and stealing don't happen on a daily basis?
> Go look and see where a major part of your spam is coming from, yes,
> stolen prefixes.
>
> > In other words... Is there anybody on the internet that can be sure that
> > their traffic (traffic destined to their prefix) is not going to be
> > "stolen"? If yes... how?
> >
> > Keep in mind that announcing the same prefixes as the attacker will not
> > totally solve the problem because it is only a partial solution.
> >
> > If announcing a more specific /24 network is so easy... why does this not
> > happen every day (for example for shutting down competitors sites)?
>
> It does happen daily, wake up!
>
> Bye,
> Raymond.
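
[Added example, not part of either poster's message.] The thread's two
defensive points as Python: a prefix list shared by all customers versus one
list per customer session, and a monitor that flags more-specific
announcements. The prefixes, AS numbers and function names are constructed
for illustration.

```python
import ipaddress

# Constructed sample data: benchmarking address space and private-use AS numbers.
CUSTOMER_PREFIXES = {
    64500: ["198.18.0.0/16"],   # customer A (the legitimate holder)
    64501: ["198.19.0.0/16"],   # customer B, same upstream
}

def _covered(prefix, allowed, max_len=24):
    """True if prefix sits inside an allowed block and is no longer than max_len."""
    net = ipaddress.ip_network(prefix)
    return net.prefixlen <= max_len and any(
        net.version == a.version and net.subnet_of(a)
        for a in map(ipaddress.ip_network, allowed))

def shared_filter_accepts(customer_as, prefix):
    """One prefix list applied to every customer session (the setup in the anecdote)."""
    merged = [p for plist in CUSTOMER_PREFIXES.values() for p in plist]
    return _covered(prefix, merged)

def per_customer_filter_accepts(customer_as, prefix):
    """Each session only accepts the prefixes registered for that customer."""
    return _covered(prefix, CUSTOMER_PREFIXES.get(customer_as, []))

def classify(prefix, origin_as, expected):
    """Monitoring side: compare a route seen at a collector with what we announce.
    expected maps each prefix we originate on purpose to its origin AS."""
    net = ipaddress.ip_network(prefix)
    nets = {ipaddress.ip_network(p): asn for p, asn in expected.items()}
    if net in nets:
        return "ok" if nets[net] == origin_as else "origin-mismatch"
    for exp in nets:
        if net.version == exp.version and net.subnet_of(exp):
            return "more-specific"   # beats our covering route by longest match
    return "unrelated"

if __name__ == "__main__":
    route = (64501, "198.18.5.0/24")     # customer B announces a /24 out of A's /16
    print("shared filter accepts:      ", shared_filter_accepts(*route))
    print("per-customer filter accepts:", per_customer_filter_accepts(*route))
    print("monitor verdict:", classify(route[1], route[0], {"198.18.0.0/16": 64500}))
```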




XO and microsoft.com

2009-04-01 Thread Sergio D.
Anyone going out through XO having problems getting to microsoft.com? This
seems to work out our other connections but not XO.
Thanks.

-- 
Sergio Danelli


Re: XO and microsoft.com

2009-04-01 Thread Sergio D.
(http://xostats.xo.com/cgi-bin/xostats/diagtool-pub) traceroute from their
Chicago node:
 traceroute 207.46.19.190

 Type escape sequence to abort.
 Tracing the route to 207.46.19.190
 * * *
   1 65.106.2.113 0 msec 0 msec 4 msec
   2 65.106.6.193 0 msec 0 msec 4 msec
   3 65.106.1.42 4 msec 0 msec 4 msec
   4   * * *

and from our location it seems to die there:

  1     1 ms     1 ms     1 ms  10.1.130.1
  2     2 ms     2 ms     1 ms  64.244.80.169
  3     6 ms     5 ms     5 ms  ip65-47-232-113.z232-47-65.customer.algx.net [65.47.232.113]
  4     5 ms     4 ms     5 ms  ge5-2-0-0.mar1.saltlake-ut.us.xo.net [207.88.83.21]
  5    18 ms    17 ms    60 ms  p4-1-0-0.rar1.denver-co.us.xo.net [65.106.6.85]
  6    18 ms    18 ms    19 ms  p0-0-0d0.rar2.denver-co.us.xo.net [65.106.1.74]
  7    68 ms    50 ms   244 ms  p1-0-0.rar1.chicago-il.us.xo.net [65.106.0.26]
  8    41 ms    41 ms    41 ms  te-3-1-0.rar3.chicago-il.us.xo.net [65.106.1.42]
  9    41 ms    41 ms    41 ms  207.88.13.5.ptr.us.xo.net [207.88.13.5]
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.

On Wed, Apr 1, 2009 at 2:18 PM, ChrisSerafin wrote:

> I had a ton of problems getting out to MSDN from our data center at
> Chicago/Equinix but our office connection on XO seemed to be fine
>
>
> Sergio D. wrote:
>
>> Anyone going out through XO having problems getting to microsoft.com?
>> This
>> seems to work out our other connections but not XO.
>> Thanks.


-- 
Sergio Danelli