[c-nsp] Peer pointing default route to us

James Bensley jwbensley at gmail.com
Wed Oct 1 13:53:34 EDT 2014 

On 29 September 2014 14:11, redscorpion69 <redscorpion69 at gmail.com> wrote:
> This is not Cisco-centric question, but maybe you could help me out.
>
> What is the best way to filter traffic comming in from one of our peers and
> going upstream. Basically we see the peer is sending traffic to IPs we're
> not announcing to them. They may very well have a default route pointing to
> us as well.
>
> Not going into fact that this is breaking peering policy rules, is there a
> dynamic way to filter this on (Juniper/Cisco) ?
>
> Regards
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


Are you sure they are doing this maliciously (e.g. to steal transit)?
Have you contacted them and confirmed if it is by mistake or not?

If the peer is doing this on purpose and you have verified that then
have you considered fighting fire with fire? (not that I am promoting
such behaviour [1] but I love a good laugh at the expensive of total
wankers)...

Have you considered sending them a default route via BGP that points
to somewhere else they likely have a route to, or sending them some of
their own prefixes via a likely next hop their side, or sending them
enough routes to fill their table, they probably haven't got good
filtering configured their side.

It costs £10 to spin up a virtual machine with a 10Gbps connection,
have you considered spinning several up and DoS'ing their control
plane in parallel? [2]

The list goes on...I'll leave it to you ;)

Cheers,
James.



[1] I lied, corse I fucking am!
[2] If you corse disruption to their users they might actually do
something about it....However giving them the entitlement to take
legal action against you becasue of the kind of wrong doings I have
mentioned above isn't "optimal"...sooooo....make sure you use a decent
VPN and fake/stolen credit card details. Hasn't let me down yet.

More information about the cisco-nsp mailing list