bogus BGP announcements - some thoughts for relief
- Date: Fri, 16 Jun 2000 22:05:20 +0200
Hi,
I'm trying to get rid of the section called
'Advertised IANA Reserved Addresses' in the
'RIPE NCC Region Weekly Routing Report'.
For some time now I have been watching with great interest how these networks
are still 'announceable'. I have implemented an ingress-BGP filter list
that tells a syslogger to show all 'reserved-IP-space' announcements.
Since the advent of the RIS, it is even better to have some kind of
evidence of which AS announced these networks, and when. There is basically
nothing wrong with making mistakes, but I'm starting to believe that
some networks are being misused for spam or other annoyances.
Please have a look at last week's list:
----------------------------------
Network            Origin AS  Description
39.96.40.224/30    14408      iCAIR
65.56.64.0/21      2941       Community News Service
109.177.9.0/24     1785       Sprint ICM
219.91.160.0/22    7742       InternetNow, Inc.
219.91.164.0/23    7742       InternetNow, Inc.
Funny enough that the RIS-database shows the following path for one of these
networks:
A 109.177.9.0/24 2000-06-13 13:24:25 212.20.151.253 13129 3549 6347 10664
A 109.177.9.0/24 2000-06-13 15:10:28 192.65.184.3 513 209 701 10664
A 109.177.9.0/24 2000-06-13 15:10:28 195.8.100.22 8259 5413 2828 701 10664
Always AS10664 as being the origin-AS. Wonder, why there is no such AS listed
in ARIN's database as well?!
There are small blocks, and I'm even missing some, which I'm seeing
constantly in variations:
Jun 15 19:23:57.558 MET_DST: %SEC-6-IPACCESSLOGNP: list 121 denied 0 1.1.1.0 -> 255.255.255.0, 2 packets
Jun 15 19:28:57.740 MET_DST: %SEC-6-IPACCESSLOGNP: list 121 denied 0 1.1.1.0 -> 255.255.255.0, 2 packets
If we want to try to get some of this stuff out of the backbone and even decrease
some (unnecessary) BGP-traffic, why not publish an 'ingress BGP-filterlist' that
is endorsed by the RIPE-wg, RIPE or the community at large?
What it basically does is:
1. Reject illegal prefixes (127/8, 0/0, RFC1918, etc.)
2. Log originators (if wanted)
3. Decrease SPAM-complaints
4. Prevent abuse
It's low on CPU (it's no IP filter-list!), just a BGP-ingress filter.
I have even added some prefix-length filter, but this is another topic,
and depends on your upstream's policy. (I just can't stand /32s in the table!).
Kurt
--
noris network GmbH | Deutschherrnstr. 15-19 | 90429 Nuernberg
Tel. (0911) 27738-0 | Fax. (0911) 27738-100 | kurt@localhost
%IDS-4-IP_IMPOSSIBLE_SIG: Sig:1102:Impossible IP Packet
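
The filter described in the message above (reject illegal prefixes, log the originator, optional prefix-length limit), as an added example that is not part of the original post and not the author's router configuration. It reads lines in the RIS format quoted in the message; the function names, the sample lines, and the reading of "0/0" as the default route only are assumptions.

```python
import ipaddress

# Only the blocks named in the post; its "etc." is not expanded here. IANA's
# reserved list changes over time, so a deployed filter needs a maintained list.
REJECT_WITHIN = [ipaddress.IPv4Network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_ROUTE = ipaddress.IPv4Network("0.0.0.0/0")

def parse_ris_line(line):
    """Parse 'A prefix date time peer as-path...'; return None if malformed."""
    f = line.split()
    if len(f) < 6 or f[0] != "A":
        return None
    try:
        prefix = ipaddress.IPv4Network(f[1], strict=False)
        origin = int(f[-1])          # origin AS is the last hop in the path
    except ValueError:
        return None
    return {"prefix": prefix, "seen": f"{f[2]} {f[3]}", "peer": f[4], "origin": origin}

def reject_reason(prefix, max_len=None):
    """Return why the prefix is rejected, or None if it passes the filter."""
    if prefix == DEFAULT_ROUTE:
        return "default route"
    for block in REJECT_WITHIN:
        if prefix.subnet_of(block):  # the block itself or any more-specific
            return f"inside {block}"
    if max_len is not None and prefix.prefixlen > max_len:
        return f"longer than /{max_len}"
    return None

def filter_announcements(lines, max_len=None):
    """Split announcements into accepted prefixes and (prefix, origin, reason) rejects."""
    accepted, rejected = [], []
    for ann in filter(None, map(parse_ris_line, lines)):
        reason = reject_reason(ann["prefix"], max_len)
        if reason:
            rejected.append((str(ann["prefix"]), ann["origin"], reason))
        else:
            accepted.append(str(ann["prefix"]))
    return accepted, rejected

# Constructed sample (documentation addresses and AS numbers, not real RIS data).
SAMPLE = [
    "A 10.20.0.0/16 2000-06-13 13:24:25 192.0.2.1 64496 64497 64500",
    "A 127.0.0.0/8 2000-06-13 13:24:26 192.0.2.1 64496 64501",
    "A 0.0.0.0/0 2000-06-13 13:24:27 192.0.2.2 64498 64502",
    "A 198.51.100.0/24 2000-06-13 13:24:28 192.0.2.2 64498 64503",
    "A 198.51.100.7/32 2000-06-13 13:24:29 192.0.2.2 64498 64503",
]
if __name__ == "__main__":
    for prefix, origin, reason in filter_announcements(SAMPLE, max_len=24)[1]:
        print(f"denied {prefix} origin AS{origin}: {reason}")
```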