Fw: [6bone] fake/hijacked sTLA/pTLA's from AS1654

Christian Nickel dragon@tdoi.org
Tue, 2 Jul 2002 23:50:21 +0200


----- Original Message ----- 
From: "Lars Albertsson" <lalle@sics.se>
To: "Jeroen Massar" <jeroen@unfix.org>
Cc: "'Christian Nickel'" <dragon@tdoi.org>; <6bone@mailman.isi.edu>; <joyride@sics.se>; <ipv6@sics.se>
Sent: Friday, June 28, 2002 4:48 PM
Subject: Re: [6bone] fake/hijacked sTLA/pTLA's from AS1654


> "Jeroen Massar" <jeroen@unfix.org> writes:
> 
> > Christian Nickel wrote:
> > 
> > > Hi,
> > > 
> > > I'm receiving some strange routing information from AS1654
> > > via multiple other AS's. Have a look at the attached text file.
> > > Are there problems with SICS or someone announcing
> > > faked sTLA/pTLA's?
> 
> Thanks for the heads up. Some time seems to have passed, however, and
> some of the problems seem to have disappeared.
> 
> > Well, their router certainly is peeping up... and it is announcing
> > certain routes that it shouldn't.
> > Check http://www.ipng.nl/bgp/bgp-page-complete.html
> 
> I don't understand the implications of this page. I notice that SICS
> is at the end of many lines, but I don't know what that means. Maybe
> somebody can give me an example of a specific advertisement that we
> make that isn't correct?
> 
> > and http://www.ipng.nl/bgp/odd-routes.html
> > It also shows a LOT of unaggregated prefixes...
> 
> I see 3ffe:8400::/28, which is no longer in our routing tables, and
> 3ffe:6000::/24, which seems to be announced to us by CALDAN. I don't
> know why we are at the end of the chain, and would appreciate it if
> somebody could dig out a log entry with an invalid advertisement. We
> are interested in getting rid of the problem, but we hardly have any
> resources to debug possible issues without knowing the details. :(
> Sorry about that...
> 
> > http://www.ipng.nl/bgp/odd-routes1.html
> 
> I don't see anything originated from us here now. 
> 
> > Almost anything goes to SICS.
> > It more or less looks like a replay from a _very_ old date.
> > Most of the announced prefixes _are_ valid but haven't been in active
> > use for a while.
> > 
> > SICS guys CC:'d
> > http://www.ipv6.sics.se/6bone_config/netstat_rn.dump looks kinda
> > normal.... odd...
> 
> Thanks for looking at our dumps. I can't see anything odd here now,
> however. If you notice something, please tell me what.
> 
> I think the router has restarted since you sent the mail, so some of
> the issues may have vanished.
> 
> Sorry if we have caused inconvenience.
> 
> Mikael: I'll be on vacation next week, so if any problems requiring
> urgent attention come up, I can't handle them quickly.
> 
> /Lalle
> 
>