Re: Heads-Up: GoDaddy Broke the Interwebs...

[Kyle Creyts <kyle.creyts () gmail com>]

+1

Announcing a prefix doesn't mean that the traffic to those IPs found
within shall ever arrive.

On Tue, Sep 11, 2012 at 8:43 PM, Christopher Morrow
<morrowc.lists () gmail com> wrote:
> On Tue, Sep 11, 2012 at 11:16 PM, Naveen Nathan <naveen () lastninja net> wrote:
> > > Well, mostly I'm taking GoDaddy at their word that this was not a DoS attack.
> > >
> > > I also believe it was related to BGP, and am happy to get more info.  But we are discussing Anonymous vs. 
> > > Self-inflicted wound here.
> >
> > I'm skeptical, BGPlay (http://bgplay.routeviews.org/) doesn't show any withdrawn routes for any of their prefixes 
> > over Sep 9-11. Infact, their BGP operation looks fairly operational during the time from what I can gather.
>
> a bgp error doesn't HAVE to mean that they withdrew (or even
> re-announced!) anything to the outside world, does it?
>
> for instance:
>   border-router -> internet
>    redistribute your aggregate networks from statics to Null0 on the
> border-router
>    accept full routes so you can send them to the other borders and
> make good decisions at the external edge
>
>   border-router -> internal
>     send default or some version of default via a fitler to internal
> datacenter routers/aggregation/distribution devices.
>     accept from them (maybe) local subnets that are part of your aggregates
>
> now, accidently remove the filter content for the sessions between the
> border and internal ... oops, your internal devices bounce with
> 'corrupted tables' (blown tables)... you still send your aggs steadily
> to the interwebs, wee!
>
> -chris



-- 
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer