On 23 feb 2008, at 4:02, Tom Vest wrote:
Which one of the published fields is the key field that enables
you to identify the common recipient(s) of successive delegations
over time?
There is no such field.
I didn't think so. So there is no accurate way to get anything like
a sum of IP
In article <[EMAIL PROTECTED]>, Iljitsch
van Beijnum <[EMAIL PROTECTED]> writes
I'm not sure why exactly you want to know how much space goes to how
many organizations
Several days ago, it seemed to me that Stephen Sprunk suggested that it
would only take a change of policy of a handful of
Thus spake "Tom Vest" <[EMAIL PROTECTED]>
On Feb 23, 2008, at 1:54 PM, Stephen Sprunk wrote:
Rechecking my own post to PPML, 73 Xtra Large orgs held 79.28% of ARIN's
address space as of May 07; my apology for a faulty memory, but it's not
off by enough to invalidate the point.
The statisti
Pakistan is deliberately blocking Youtube.
http://politics.slashdot.org/article.pl?sid=08/02/24/1628213
Maybe we should all block Pakistan.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Will Hargrave
> Sent: Sunday, February 24, 2008 12:39 P
Tomas L. Byrnes wrote:
Clearly, they are incensed by youtube content, so what makes anyone
think that they would not be trying to engage in a case of Cyber-Jihad?
Because this usually doesn't work very well, is very evident, and easily
fixed? Even on a sleepy Sunday, it took 3491 about two ho
On Sun, Feb 24, 2008 at 4:06 PM, Tomas L. Byrnes <[EMAIL PROTECTED]> wrote:
>
> Clearly, they are incensed by youtube content, so what makes anyone
> think that they would not be trying to engage in a case of Cyber-Jihad?
>
Let's avoid speculation as to the why and reserve this thread for
glob
On Feb 24, 2008, at 12:45 PM, Stephen Sprunk wrote:
Thus spake "Tom Vest" <[EMAIL PROTECTED]>
On Feb 23, 2008, at 1:54 PM, Stephen Sprunk wrote:
Rechecking my own post to PPML, 73 Xtra Large orgs held 79.28% of
ARIN's address space as of May 07; my apology for a faulty
memory, but it's
While they are deliberately blocking Youtube nationally, I suspect the
wider issue has no malice, and is a case of poorly constructed/
implemented outbound policies on their part, and poorly constructed/
implemented inbound policies on their upstream's part.
On 25/02/2008, at 9:49 AM, Tomas
Clearly, they are incensed by youtube content, so what makes anyone
think that they would not be trying to engage in a case of Cyber-Jihad?
I hosted the site that was rated #1 on Google for the Jyllands Posten
(di2.nu) cartoons when it was a current issue, and I STILL get lots of
script kiddie DO
Looks like it just went back to normal:
cr1-sea-A>show ip bgp 208.65.153.253
BGP routing table entry for 208.65.153.0/24, version 41150187
Paths: (3 available, best #3)
Flag: 0x8E0
Advertised to update-groups:
1 3 4 6 13 14
16
3356 3549
On Sun Feb 24, 2008 at 04:32:45PM -0500, Martin Hannigan wrote:
> Let's avoid speculation as to the why and reserve this thread for
> global restoration activity.
So, from the tit-bits I've picked up from IRC and first-hand knowledge,
it would appear that 17557 leaked an announcement of 208.65.15
Which means that, by advertising routes more specific than the ones they
are poisoning, it may well be possible to restore universal connectivity
to YouTube.
> -Original Message-
> From: Michael Smith [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 24, 2008 1:23 PM
> To: [EMAIL PRO
I hate Cyber Jihads!
- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: Neil Fenemor <[EMAIL PROTECTED]>
Cc: Will Hargrave <[EMAIL PROTECTED]>; nanog@merit.edu
Sent: Sun Feb 24 16:06:50 2008
Subject: RE: YouTube IP Hijacking
Clearly, they are incensed by youtube co
I think it was NOT a typo. This was a test, much more important test for
this world than last american anti-satellite missile.
And if they do it again with more mind, the site will be down for
weeks at least... More than that, if a big national telecom operator did it
and has neighbors to fil
-- "Tomas L. Byrnes" <[EMAIL PROTECTED]> wrote:
>It seems to me that a more immediately germane matter regarding BGP
>route propagation is prevention of hijacking of critical routes.
>
The best you can _probably_ hope for is an opt-in mechanism in
which you are alerted that prefixes you have "reg
I figured as much, but it was worth a try.
Which touches on the earlier discussion of the null routing of /32s
advertised by a special AS (as a means of black-holing DDOS traffic).
It seems to me that a more immediately germane matter regarding BGP
route propagation is prevention of hijacking of
> > Which means that, by advertising routes more specific than the ones they
> > are poisoning, it may well be possible to restore universal connectivity
> > to YouTube.
>
> Well, if you can get them in there Youtube tried that, to restore service
> to the rest of the world, and the announcem
Not if the hijackers have advertised a /24. Anything you advertise more
specific than /24 will be lost on many networks' filters.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Tomas L. Byrnes
Sent: Monday, 25 February 2008 8:49 AM
To: Michael Smith; [
On Sun Feb 24, 2008 at 01:49:00PM -0800, Tomas L. Byrnes wrote:
> Which means that, by advertising routes more specific than the ones they
> are poisoning, it may well be possible to restore universal connectivity
> to YouTube.
Well, if you can get them in there Youtube tried that, to restore
First the operational portion:
For all the affected network owners, please read and start
using/implement one of the following excellent ideas:
* Pretty Good BGP and the Internet Alert Registry
http://www.nanog.org/mtg-0606/pdf/josh-karlin.pdf
* PHAS: A Prefix Hijack Alert System
http://i
On Sun, 24 Feb 2008, Jeroen Massar wrote:
* Routing Registry checking, as per the above two
rr.arin.net & whois.ripe.net contains all the data you need
Networks who are not in there are simply not important enough to
exist on the internet as clearly those ops folks don't care about
their ne
http://www.google.com/reader/m/view/?source=mobilepack&v=2.1.4&rlz=1H2GGLE_en&i=-3701578819353178822&c=CMOjuszq3ZEC&n=1
On 2/24/08, Max Tulyev <[EMAIL PROTECTED]> wrote:
>
> I think it was NOT a typo. This was a test, much more important test for
> this world than last american anti-satellite m
On Sun, Feb 24, 2008 at 10:41:26PM +, Paul Ferguson wrote:
> The best you can _probably_ hope for is an opt-in mechanism in
> which you are alerted that prefixes you have "registered" with the
> aforementioned system are being originated by an ASN which is not
> authorized to originate them.
h
Fundamentally, this is a policy issue, and the implementation details
will need to be worked out, but today's event with YouTube is an
exclamation point on a problem many of us have been wrestling with for
some time: the advertising of unused but non-bogon address space by
cybercriminals.
Whether
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Daniel Roesen <[EMAIL PROTECTED]> wrote:
>On Sun, Feb 24, 2008 at 10:41:26PM +, Paul Ferguson wrote:
>> The best you can _probably_ hope for is a opt-in mechanism in
>> which you are alerted that prefixes you have "registered" with the
>> af
Tomas L. Byrnes wrote:
> Perhaps certain ASes that are considered "high priority", like Google,
> YouTube, Yahoo, MS (at least their update servers), can be trusted to
> propagate routes that are not aggregated/filtered, so as to give them
> control over their reachability and immunity to longer-
>1: Per my prior message, create a "SuperAS" that highly trusted entities
How do we qualify those, are they linked to the amount of revenue we would lose
from customers if they can't reach them? Can I be one of those? :)
>2: Have some sort of algorithm that inversely relates AS number to longe
Very nice.. is there an ARIN equal that anyone knows of OR can you use
the RIPE one for ARIN registered space?
Just curious.. thanks..
Paul
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Paul Ferguson
Sent: Sunday, February 24, 2008 7:07 PM
To: [EMAIL
I'm sure we can all find a list of "critical infrastructure" ASes that
could be trusted to peer via the "high priority" AS. I'd say that the
criteria should be:
1: Hosted at a Tier 1 provider.
2: Within a jurisdiction where North American operators have a good
chance of having the law on their s
This is similar, and available for all regions/ASNs.
http://cs.unm.edu/~karlinjf/IAR/index.php
-- Jason
Paul Stewart wrote:
Very nice.. is there an ARIN equal that anyone knows of OR can you use
the RIPE one for ARIN registered space?
Just curious.. thanks..
Paul
-Original Message---
On Sun, Feb 24, 2008 at 07:19:07PM -0500, Paul Stewart wrote:
> Very nice.. is there an ARIN equal that anyone knows of OR can you use
> the RIPE one for ARIN registered space?
as the homepage states:
"MyASN is open to be used by anyone. You don't have to be a Local
Internet Registry (LIR) and y
On Feb 24, 2008, at 7:36 PM, Tomas L. Byrnes wrote:
I'm sure we can all find a list of "critical infrastructure" ASes that
could be trusted to peer via the "high priority" AS. I'd say that the
criteria should be:
1: Hosted at a Tier 1 provider.
That is a silly requirement.
(I am sorry, I tr
Jeroen Massar wrote:
* PHAS: A Prefix Hijack Alert System
http://irl.cs.ucla.edu/papers/originChange.pdf
(A live/direct BGP-feed version of this would be neat)
Does PHAS still work? I tried to submit a request to subscribe a few
weeks ago and never heard back from their automated system.
This candidate list of requirements is for route sources that North
American Operators should trust to propagate long prefix routes, nothing
more, nothing less. In that context, some of your comments don't really
make sense.
Perhaps you might like to propose criteria you would find useful in
se
On Feb 24, 2008, at 2:14 PM, Tomas L. Byrnes wrote:
I figured as much, but it was worth a try.
Which touches on the earlier discussion of the null routing of /32s
advertised by a special AS (as a means of black-holing DDOS traffic).
It seems to me that a more immediately germane matter rega
Not if only trusted peers are allowed to advertise to that AS. It's the
same mechanism proposed for blackholing on destination to dampen DOS a
while back, except it is to prevent hijacking, and therefore doesn't run
afoul of the AT&T patent (and now the prior art for this is in the
public domain).
On Sun, 24 Feb 2008 20:42:51 -0500
"Patrick W. Gilmore" <[EMAIL PROTECTED]> wrote:
> > 4: With state of the art security and operations.
>
> I think we agree, but I wouldn't have said it like that.
>
How about state-of-the-art routing security?
Seriously -- a number of us have been warning th
On Feb 25, 2008, at 12:31 AM, Steven M. Bellovin wrote:
Seriously -- a number of us have been warning that this could happen.
More precisely, we've been warning that this could happen *again*; we
all know about many older incidents, from the barely noticed to the
very noisy. (AS 7007, anyon
On Sun, Feb 24, 2008 at 8:42 PM, Patrick W. Gilmore <[EMAIL PROTECTED]> wrote:
> > 2: Within a jurisdiction where North American operators have a good
> > chance of having the law on their side in case of any network outage
> > caused by the entity.
>
> This is also a bit strange. Do your us
It does sort of shed light on a sobering fact that some of the PCCW's of the
world are not using proper filtering, and with a coordinated effort, someone
could inject a large number of routes into the global routing table through
them effectively taking offline much of the Internet.
Anything more
On Mon, 25 Feb 2008, Steven M. Bellovin wrote:
How about state-of-the-art routing security?
The problem is what is the actual trust model?
Are you trusting some authority to not be malicious or never make a
mistake?
There are several answers to the malicious problem.
There are fewer answe
At 12:13 AM 25-02-08 +0100, Mikael Abrahamsson wrote:
For us who actually have customers we care about, we probably find it
better for business to try to make sure our own customers can't announce
prefixes they don't own, but accept basically anything from the world that
isn't ours.
You are
At 07:15 PM 24-02-08 -0500, Randy Epstein wrote:
More importantly, why is PCCW not prefix filtering their downstreams?
Why?
- Lack of clue
- Couldn't care less
- No revenue
Take your pick - or add your own reason. PCCW is not alone. They just
happen to be the latest in a long line of ISP