Re: Cyberattack from the Pakistani government?

[Danny McPherson <danny () tcb net>]

On Feb 25, 2008, at 2:45 PM, Florian Weimer wrote:

> * Richard M. Smith:
>
> > So a government order blocking an entire Web site isn't a  
> > cyberattack?  If
> > some criminal-types from Russia DoSed YouTube it would be front  
> > page news.
>
> Well, it's not just someone in Pakistan announcing the prefix.  In  
> order
> to have global impact, a Tier-1 had to put it into their view of the
> table.  It's not that everyone peers directly with the Pakistanis.

Not a tier-1, ANY of the 250k or so folks with a BGP
speaking router who has an upstream that doesn't
explicitly filter prefixes from customers (which is a whole
lot more than any of us would prefer).

> I guess you'd probably have seen similar routing leaks from German  
> ISPs,
> except that over here, blocking tends to be based on /32s, which  
> should
> not propagate very far.


Yeah, we folks hijack routes that prefer to do so in larger
swaths, specifically, /24 or longer, in order to accommodate
prefix/mask filter boundaries commonly deployed today.

-danny
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.