RE: Youtube BGP/IP hijacked

From: Scott Morris (smorris@ipexpert.com)
Date: Fri Feb 29 2008 - 18:41:38 ARST

• Next message: Scott Morris: "RE: Youtube BGP/IP hijacked"
• Previous message: Shine Joseph: "RE: i have a problem with creating vlan"
• Maybe in reply to: Shawn Zandi: "Youtube BGP/IP hijacked"
• Next in thread: Scott Morris: "RE: Youtube BGP/IP hijacked"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Well, and that likely is true. There are features of Remote Trigger
Blackhole features and things that can be set up to enact a policy (uRPF
check) where inbound traffic would fail the RPF if the outbound route was
assigned to a Null0 hop. all sorts of fun things like that.

An article I wrote about this a while back
(http://www.ipexpert.com/index.cfm/a/p/filteringwithholes) can give an idea
of the blackhole routing (outbound) concept. Just couple it with uRPF and
your inbound traffic from those routes die as well.

If you're good enough to put a tag on the static routes, you can not only
properly set it up to blackhole but can also properly set up to NOT pass
those routes along to BGP peers!

Gotta think, think, think though.

Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M
#153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor

A Cisco Learning Partner - We Accept Learning Credits!

smorris@ipexpert.com

Telephone: +1.810.326.1444
Fax: +1.810.454.0130
http://www.ipexpert.com

-----Original Message-----
From: Shawn Zandi [mailto:szmetal@gmail.com]
Sent: Friday, February 29, 2008 3:37 PM
To: smorris@ipexpert.com; Cisco certification
Subject: Re: Youtube BGP/IP hijacked

yes, Thanks Scott,
I was looking at looking glass, I don't know policy of Tier1s and how day
should mitigate this problem, I've heard youtube is banned in Pakistan, if
that's true, maybe they have route the prefix to null on edge, then by
mistake has been redistributed - static to BGP :) Kidding, why sync is off
these days!

On Sat, Mar 1, 2008 at 12:21 AM, Scott Morris <smorris@ipexpert.com> wrote:
> Ok, you are correct, they are a transit. I hadn't researched, simply
> made an assumption off a post I saw on a different board.
>
> There appear to be 23 unique downstream ASN's that peer with Pakistan
> Telecom.

Shawn Zandi,
www.shafagh.com

• Next message: Scott Morris: "RE: Youtube BGP/IP hijacked"
• Previous message: Shine Joseph: "RE: i have a problem with creating vlan"
• Maybe in reply to: Shawn Zandi: "Youtube BGP/IP hijacked"
• Next in thread: Scott Morris: "RE: Youtube BGP/IP hijacked"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:50 ARST