[6bone] 3FFE:4014::/32 - Another pTLA space hijack

Jeroen Massar jeroen@unfix.org
Sun, 12 Jan 2003 16:30:11 +0100


Pekka Savola wrote:

> On 12 Jan 2003, Nicolas DEFFAYET wrote:
> > On Sun, 2003-01-12 at 07:13, Pekka Savola wrote:
> > > On 12 Jan 2003, Nicolas DEFFAYET wrote:
> > > [...]
> > > > Why don't we protect the 6bone whois database with mnt-lower?
> > > 
> > > Would that help significantly?  Then people would just hijack the space
> > > and start advertising it.  Now we can see when they add something ugly in
> > > the database :-).
> > 
> > I don't agree with you, you can announce a route without something in
> > the database...
> 
> .. which was exactly my point (perhaps not worded carefully): and that's
> why mnt-lower does not seem to help that much for this specific problem..

The people allowing that prefix to be announced and routed, thus their
upstreams, should also be shot on sight as they apparently don't have
appropriate filters for their downstreams.

But, checking my TLA watcher (*) it didn't pop up at any of the 
* = http://www.sixxs.net/tools/grh/tla/all/?prefix=3ffe:4014::/32

Coming to the above statement, I wonder to what level 'tunnelbroker'
systems filter their downstreams. E.g. allowing only the delegated
space, or allowing the tunnels to be used for complete transit, which
when thinking along allows 1-way spoofing, also something we don't want.
Figure out where packets are flowing from then... Limiting this
would also block out many potential problems.

Also be glad the Italian guy didn't pick one prefix lower,
otherwise you yourself would have been hurt if it were announced.

Greets,
 Jeroen
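
The per-tunnel filtering raised in the message above, sketched as an added example that is not part of the original post: a downstream tunnel is held to its delegated space both for packet source addresses and for the prefixes it announces. The tunnel names, the delegations (taken from the 2001:db8::/32 documentation range) and the /64 length limit are assumptions made for illustration.

```python
import ipaddress

# Constructed tunnel table: tunnel name -> prefix delegated to that downstream.
# Names are hypothetical; 2001:db8::/32 is documentation space.
DELEGATIONS = {
    "tun-a": ipaddress.ip_network("2001:db8:100::/48"),
    "tun-b": ipaddress.ip_network("2001:db8:200::/48"),
}


def source_allowed(tunnel, src):
    """Ingress check: accept a packet only if its source address lies in
    the prefix delegated to the tunnel it arrived on."""
    delegated = DELEGATIONS.get(tunnel)
    if delegated is None:
        return False  # unknown tunnel: default deny
    addr = ipaddress.ip_address(src)
    return addr.version == delegated.version and addr in delegated


def announcement_allowed(tunnel, prefix, max_len=64):
    """Route filter: accept only the delegated prefix or a more specific
    of it, and nothing longer than max_len (assumed limit)."""
    delegated = DELEGATIONS.get(tunnel)
    if delegated is None:
        return False
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False  # malformed prefix or host bits set
    if net.version != delegated.version:
        return False
    return net.subnet_of(delegated) and net.prefixlen <= max_len


if __name__ == "__main__":
    # Constructed events: (tunnel, kind, value)
    events = [
        ("tun-a", "packet", "2001:db8:100::1"),   # own space
        ("tun-a", "packet", "2001:db8:200::1"),   # another downstream's space
        ("tun-a", "route", "2001:db8:100:1::/64"),
        ("tun-a", "route", "3ffe:4014::/32"),     # prefix from the subject line
    ]
    for tunnel, kind, value in events:
        check = source_allowed if kind == "packet" else announcement_allowed
        print(tunnel, kind, value, "accept" if check(tunnel, value) else "drop")
```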