nanog mailing list archives

Re: Low-numbered ASes being hijacked? [Re: BGP Update Report]


From: "Scott Weeks" <surfer () mauigateway com>
Date: Sun, 30 Nov 2014 14:19:06 -0800


----- Original Message -----
Do these people never check what exactly they end up originating
outbound due to a config change, if that's really the case?

Of course not because their neighbors are allowing it to
pass; so as with all hijacks, deaggregation, and other
unfiltered noise, the only care is traffic going in and
out. QA (let alone automated sanity checks) are alien
concepts to many, and "well it works" is the answer from
some when contacted.

That's sort of the BGP equivalent to BCP38 filtering, isn't it?


--- jason () rice edu wrote:
From: Jason Bothe <jason () rice edu>

I’m not new here but the thread caught my eye, as I am one of 
the lower ASs being mentioned.  I guess there isn’t really 
anything one can do to prevent these things other than listening 
to route servers, etc.  I guess it’s all on what the upstream 
decides to allow-in and re-advertise.
----------------------------------------------------------------


First, obviously, set BGP filters to allow only what you expect
to send upstream.

Then, look at what your routers are advertising to your upstreams
using 'sho bgp advertised routes' type commands to make sure it's
exactly what you're expecting to send.

Last, look on route servers at various places around the internet 
to make sure everything is advertised to expectations.  You can
find a lot here: http://www.traceroute.org/#Route%20Servers

Also, of course, all of this can be done on a regular basis using 
programs instead of being done manually.

scott
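
One way to automate the checks described above, as an added example that is not part of the original post. It assumes each route has already been normalised to a "prefix as-path" line (a hypothetical format, not real router or route-server output); the prefixes and ASNs are constructed documentation values.

```python
import ipaddress

def parse_view(text):
    """Parse 'prefix as-path' lines into {prefix: origin ASN}."""
    seen = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # skip blank or malformed lines
        net = ipaddress.ip_network(fields[0], strict=False)
        seen[str(net)] = int(fields[-1])  # last ASN in the path is the origin
    return seen

def audit(expected, my_asn, seen):
    """Compare observed routes against the prefixes we intend to originate."""
    nets = {str(ipaddress.ip_network(p)): ipaddress.ip_network(p) for p in expected}
    findings = []
    for prefix, origin in sorted(seen.items()):
        net = ipaddress.ip_network(prefix)
        if prefix in nets:
            if origin != my_asn:
                findings.append(("wrong-origin", prefix, origin))
        elif any(e.version == net.version and net.subnet_of(e) for e in nets.values()):
            findings.append(("more-specific", prefix, origin))  # deaggregation or sub-prefix hijack
        elif origin == my_asn:
            findings.append(("unexpected", prefix, origin))  # we originate something not on the list
    for prefix in sorted(nets):
        if prefix not in seen:
            findings.append(("missing", prefix, None))
    return findings

# Constructed values: documentation prefixes and a documentation ASN.
EXPECTED = ["192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"]
MY_ASN = 64500
# Constructed sample view, one route per line: prefix followed by its AS path.
SAMPLE_VIEW = """\
192.0.2.0/24 64496 64500
192.0.2.128/25 64496 64500
203.0.113.0/24 64496 64500
2001:db8::/32 64496 64511
"""

if __name__ == "__main__":
    for kind, prefix, origin in audit(EXPECTED, MY_ASN, parse_view(SAMPLE_VIEW)):
        print(f"{kind:14} {prefix:18} origin={origin}")
```

Run against both the router's own advertised routes and each route-server view, any non-empty result is worth an alert.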
