North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Best way to deal with bad advertisements?
Hi Matt, > > In this case, the very first thing you should probably do is to > > start announcing the more specific /24s to match their advertisements! > > Depending on AS-PATH length (how various nets hear your announcements > > vs. theirs) this may solve the immediate problem, allowing you to hunt > > them down and kill them at your leisure. > > The downside to this is that we go from advertising /16's > out, to advertising a fleet of /24's out, most of which > would be filtered by Sprint's ever-lovin' CIDR-forcing > wall. If your more specific networks are filtered, then wouldn't the evil ISP's be filtered as well? This would be a large problem only if you gain transit from Sprint.... > I agree with Sprint, and Sean, but in this case > it pretty much makes it hard for us to force the issue > by dropping to the same or smaller sized announcement. Well, I'm not sure that the two entities can be put in the same sentence any more, but you can always leave the less specific /16 in there while you attempt to advertise the more speciic. > Good thought, though! Even if it does result in going > from 2 /16 announcements to 512 /24 announcements in > the process, growing the routing tables, and generally > making everyone else unhappy as well. I'd rather have happy workable customers and an unhappy community in the short run, than unhappy unworkable customers and a happy community. I think your letter will raise the awareness of this kind of problem. Of course we all know it's possible, but it's not a problem that we've had to deal with on a malicious level. ? I do assume that there's no doubt the evil-isp is doing this maliciously? > *sigh* There really MUST be some nice way of handling > lame ISP's like this. One thing you could do is coordinate with largerish ISPs to filter the incorect network from the affected peering sessions. While this is a stopgap fix, and not one to be repeated, I don't think you'd have problems getting it done w/ MCI, UUnet, AGIS, etc... > > 1) Announce *your own* routes more specifically. > > This may lose you ANS connectivity, though. > > And Sprint, and anyone else that filters small specifics. Again, not if you leave the /23 or /16s in place... Then you just revert to the pre-action situation. It is again important to note that if your announcement would be blocked by mask length policies, then the evil-isp would be as well. > > 2) Announce *their* routes more specifically. Ouch, that's playing as dirty as them. Can't recommend it unless it's life or death... > I took that step last night, and was advised to remove it by > those more in tune with legal issues. I guess it's not > considered "nice" to sink to the same level as your > attacker, and play dirty. :-} Aiyeee. > > 3) You can post to NANOG and other lists in an attempt to embarrass/ > > get someone who knows the jokers to poke them. I recommend this, show traceroutes, RR entries, InterNIC assignments, routing table dumps, and state the problem clearly. You can bet the appropriate folks will poke them. In summary, whatever they do to hit you, do for yourself in self-defense. Don't advertise their networks, just advertise your networks as specifically as needed. Continue to raise the ante by involving more appropriate folks, and provide specific documentation to those involved of what happened when. It sounds like a war to me. Try to find middle ground with them, there must be SOME reason they are after your cidr space. Perhaps you can negotiate a fix? I doubt it will be to long before a standard as-path list looks like this: .... ip as-path 10 deny EVIL-ISP1-AS ip as-path 10 deny EVIL-ISP2-AS ip as-path 10 deny EVIL-ISP3-AS .... In this age of global routing, with no central body, politicking and negotiation are your best tools for solution. There's no overseeing body to go to. You can gain allies, but it's up to you. Good luck, and count most folks here as allies. $.02 -alan - - - - - - - - - - - - - - - - -