nanog mailing list archives

Re: Anyone notice strange announcements for 174.128.31.0/24


From: Jack Bates <jbates () brightok net>
Date: Mon, 12 Jan 2009 18:33:17 -0600

Nathan Ward wrote:
> A suggestion I made to Randy at APRICOT in early 2007 when he was presenting his BGP beacon bogon filter detection stuff[1] was that he could use AS_PATH poisoning to detect broken filters and topology between two ASes, not just the best route back to him from each AS.

I think a lot of the work done actually provided good results. AS_PATH poisoning might have provided a few more clues on the return path.

One thing I didn't see in the interpretation was that while some ASes were inconsistent with outbound probes, this leads one to believe that the IPs selected for the probes were most likely firewalls providing bogon filtering, and not bogon-filtering at an AS level.

Having dealt with quite a few reachability issues in 69/8, I got to talk to some really redneck organizations that barely knew a thing about their firewall.

This promises to be a much more interesting study, though I suspect it's heavily scoped due to the time it takes to run tests without being dampened. I presume there's at least one route acting as an anchor to detect dampening. If not, we can send Randy off to do it again. ;)


Jack

