[GTER] Novo caso de anúncios AS-PATH incorretos

MARLON BORBA MBORBA at trf3.jus.br
Thu Feb 19 16:12:19 -03 2009 

No caso não foi; tratou-se de erro na configuração dos roteadores do
provedor de origem.


-- 

Abraços,

Marlon Borba, CISSP, APC DataCenter Associate
Técnico Judiciário · Segurança da Informação
IPv6 Evangelist · MoReq-Jus Evangelist
TRF 3 Região
(11) 3012-1683
--
Practically no IT system is risk free.
(NIST Special Publication 800-30)
--


Em 19/2/2009 às 14:25, Fosforo <fosforo at gmail.com> gravou:

> Dependendo da aplicação/hw que trata os anúncios, até pode ser um
tipo
> de ataque.
> 
> []s Fosforo
> 
> On Tue, Feb 17, 2009 at 5:51 PM, Antonio Carlos Pina
> <antoniocarlospina at gmail.com> wrote:
>> Sim.
>>
>> Aqui:
>>
>> Feb 16 15:06:31.365 BRST: %BGP-6-ASPATH: Long AS path 8167 3257
29113 47868
>> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
47868
>> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
47868
>> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
47868
>> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
47868
>> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
47868
>> 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868
47868
>> 47868 47868 47868 47868 received from xxx.xxx.xxx.xxx : Has more
than 255 AS
>>
>> Pensei que tinha sido algum tipo de ataque :-)
>>
>> Abs
>>
>>
>> 2009/2/17 MARLON BORBA <MBORBA at trf3.jus.br>
>>
>>>
http://www.renesys.com/blog/2009/02/the-flap-heard-around-the-worl.shtml

>>>
>>>
>>> "The Details
>>>
>>> SuproNet (AS 47868) normally announces a single prefix,
>>> 94.125.216.0/21, to a single provider, CD-Telematika (AS 25512).
On
>>> February 16th at 16:23:30 UTC, we saw this same prefix via a
different
>>> provider, Sloane Park Property Trust (AS 29113), but with an AS
path
>>> exceeding 255 ASNs. Such messages continued for almost exactly one
hour
>>> or until 17:23:00 UTC. We observed Level 3 (AS 3356), Tiscali (AS
3257)
>>> and TeliaSonera (AS 1299) propagating most of these routes
globally,
>>> with a total of 230 unique ASes ultimately sending us the
problematic
>>> announcements."
>>>
>>> 255 ASNs!?
>>>
>>>
>>>
>>> --
>>>
>>> Abraços,
>>>
>>> Marlon Borba, CISSP, APC DataCenter Associate
>>> Técnico Judiciário · Segurança da Informação
>>> IPv6 Evangelist · MoReq-Jus Evangelist
>>> TRF 3 Região
>>> (11) 3012-1683
>>> --
>>> Practically no IT system is risk free.
>>> (NIST Special Publication 800-30)
>>> --
>>>
>>> --
>>> gter list    https://eng.registro.br/mailman/listinfo/gter 
>>>
>> --
>> gter list    https://eng.registro.br/mailman/listinfo/gter 
>>
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter

More information about the gter mailing list