[GTER] New case of incorrect AS-PATH announcements

Fosforo fosforo at gmail.com
Thu Feb 19 14:25:18 -03 2009


Depending on the application/hw that handles the announcements, it could
even be a type of attack.

Regards, Fosforo

On Tue, Feb 17, 2009 at 5:51 PM, Antonio Carlos Pina
<antoniocarlospina at gmail.com> wrote:
> Yes.
>
> Here:
>
> Feb 16 15:06:31.365 BRST: %BGP-6-ASPATH: Long AS path 8167 3257 29113 47868
> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
> 47868 47868 47868 47868 received from xxx.xxx.xxx.xxx : Has more than 255 AS
>
> I thought it had been some kind of attack :-)
>
> Regards
>
>
> 2009/2/17 MARLON BORBA <MBORBA at trf3.jus.br>
>
>> http://www.renesys.com/blog/2009/02/the-flap-heard-around-the-worl.shtml
>>
>>
>> "The Details
>>
>> SuproNet (AS 47868) normally announces a single prefix,
>> 94.125.216.0/21, to a single provider, CD-Telematika (AS 25512). On
>> February 16th at 16:23:30 UTC, we saw this same prefix via a different
>> provider, Sloane Park Property Trust (AS 29113), but with an AS path
>> exceeding 255 ASNs. Such messages continued for almost exactly one hour
>> or until 17:23:00 UTC. We observed Level 3 (AS 3356), Tiscali (AS 3257)
>> and TeliaSonera (AS 1299) propagating most of these routes globally,
>> with a total of 230 unique ASes ultimately sending us the problematic
>> announcements."
>>
>> 255 ASNs!?
>>
>>
>>
>> --
>>
>> Regards,
>>
>> Marlon Borba, CISSP, APC DataCenter Associate
>> Judicial Technician · Information Security
>> IPv6 Evangelist · MoReq-Jus Evangelist
>> TRF 3 Região
>> (11) 3012-1683
>> --
>> Practically no IT system is risk free.
>> (NIST Special Publication 800-30)
>> --
>>
>> --
>> gter list    https://eng.registro.br/mailman/listinfo/gter
>>
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
>
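
Added example, not part of the original thread: a small parser for the %BGP-6-ASPATH message quoted above that run-length encodes the logged AS path, so heavy prepending by one AS stands out in triage. The function names, the prepend threshold and the sample message (documentation ASNs and a documentation peer address) are assumptions made for the example.

```python
import re
from itertools import groupby

# Message layout as quoted in the thread:
#   %BGP-6-ASPATH: Long AS path <asn> <asn> ... received from <peer> : <reason>
ASPATH_RE = re.compile(
    r"%BGP-6-ASPATH: Long AS path (?P<path>[\d\s]+?)\s+received from "
    r"(?P<peer>\S+)\s*:\s*(?P<reason>.*)", re.S)

def parse_long_aspath(message):
    """Parse one %BGP-6-ASPATH message (may be wrapped over several lines)."""
    m = ASPATH_RE.search(message)
    if m is None:
        return None
    path = [int(asn) for asn in m.group("path").split()]
    # Run-length encode consecutive repeats: prepending shows up as one long run.
    runs = [(asn, len(list(group))) for asn, group in groupby(path)]
    return {
        "peer": m.group("peer"),
        "reason": " ".join(m.group("reason").split()),
        # The line quoted in the thread lists fewer ASNs than the 255 its
        # reason text mentions, so this counts only what was logged.
        "logged_len": len(path),
        "origin": path[-1],
        "runs": runs,
        "max_run": max(runs, key=lambda run: run[1]),
    }

def suspicious(info, max_prepend=10):
    """Flag a path in which one AS repeats more than max_prepend times
    (max_prepend is an assumed local policy value)."""
    return info is not None and info["max_run"][1] > max_prepend

# Constructed sample: documentation ASNs (RFC 5398) and a peer in 192.0.2.0/24,
# wrapped over several lines the way the log was wrapped in the mail.
SAMPLE = ("Feb 16 15:06:31.365 BRST: %BGP-6-ASPATH: Long AS path 64496 64497 64498\n"
          + "\n".join(" ".join(["64511"] * 12) for _ in range(4))
          + " received from 192.0.2.1 : Has more than 255 AS")

if __name__ == "__main__":
    info = parse_long_aspath(SAMPLE)
    print("peer:", info["peer"], "origin AS:", info["origin"])
    print("runs:", info["runs"], "suspicious:", suspicious(info))
```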


