Re: Blackhole route advertisements by AS14037 of our IP space - please filter them out at your end

From: Suresh Ramasubramanian (no email)
Date: Wed Nov 19 2008 - 23:43:12 EST

  • Next message: kris foster: "Re: Blackhole route advertisements by AS14037 of our IP space - please filter them out at your end"

    If you see 208.36.123.0/24 being announced from any other prefix than
    XO (2828 I guess) please ignore it. Especially if you see it
    announced from 19318 or 14037.

    On Thu, Nov 20, 2008 at 9:38 AM, Suresh Ramasubramanian
    <> wrote:
    > These routes are also being injected by another AS belonging to
    > Rackvibe - AS19318
    >
    > This is the guy from rackvibe who said he'd blackhole us because we
    > blocked him for hosting spammers.
    >
    > RNOCHandle: GC373-ARIN
    > RNOCName: Czupryna, Gregg
    > RNOCPhone: +1-201-605-1425
    > RNOCEmail:
    >
    > RTechHandle: GC373-ARIN
    > RTechName: Czupryna, Gregg
    > RTechPhone: +1-201-605-1425
    > RTechEmail:
    >
    > Network Next Hop Metric LocPrf Weight Path
    > *>i 208.36.123.0 209.123.44.153 100 0 8001 19318
    > 14037 i
    >
    > telnet route-server.quagga.net port 2605 shows various ASNs
    > exclusively getting blackhole routes from AS19318
    >
    >
    >
    > On Thu, Nov 20, 2008 at 8:03 AM, Suresh Ramasubramanian
    > <> wrote:
    >> Hi
    >>
    >> We blocked some prefixes belonging to AS14037 (rackvibe llc) due to
    >> their hosting spammers.
    >>
    >> Rackvibe decided to nullroute us back in reply - thats up to them I guess
    >>
    >> Only they're dumb enough to inject these blackhole announcements into
    >> the cloud, and various other networks are picking up on these
    >> announcements
    >>
    >> TIA for filtering these out at your end
    >>
    >> Our IPs are below - at least 208.36.123/24 seems to be announced as a
    >> blackhole route by rackvibe -
    >>
    >> 205.158.62.0/24
    >> 208.36.123.0/24
    >> 203.86.166.0/24
    >> 65.49.50.0/24
    >> 65.49.50.0/24
    >> 64.71.166.192/27
    >> 64.62.181.80/28
    >>
    >> srs
    >>
    >> Paths: (7 available, best #7, table Default-IP-Routing-Table)
    >> Not advertised to any peer
    >> 16150 6939 19318 14037
    >> 217.75.96.60 from 217.75.96.60 (217.75.96.60)
    >> Origin IGP, metric 0, localpref 100, valid, external
    >> Community: 16150:63392 16150:65320 16150:65426
    >> 3333 1103 1273 19318 14037
    >> 193.0.0.56 from 193.0.0.56 (193.0.0.56)
    >> Origin IGP, localpref 100, valid, external
    >> Community: 1103:1000 1273:21000 1273:21971 14037:6855 19318:999
    >> 19318:4000 19318:6855 19318:40012 21698:999 21698:4000 21698:6855
    >> 3277 3216 1273 19318 14037
    >> 194.85.4.55 from 194.85.4.55 (194.85.4.16)
    >> Origin IGP, localpref 100, valid, external
    >> Community: 1273:21000 1273:21971 3216:3000 3216:3001 3277:3216
    >> 14037:6855 19318:999 19318:4000 19318:6855 19318:40012 21698:999
    >> 21698:4000 21698:6855
    >> 812 19318 14037
    >>
    >
    >
    >
    > --
    > Suresh Ramasubramanian ()
    >

    -- 
    Suresh Ramasubramanian ()
    

  • Next message: kris foster: "Re: Blackhole route advertisements by AS14037 of our IP space - please filter them out at your end"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD