[nsp-sec] intercage/atrivo

Chris Morrow morrowc at ops-netman.net
Thu Sep 11 23:43:40 EDT 2008 


On Fri, 12 Sep 2008, White, Gerard wrote:

>
> If they indeed are down, I wonder if this will trigger a string of
> troubles for
> customers who are Zlobb'ed and end up with no DNS Resolver :/   Not to
> mention other
> Categories of Hijacking Malware that will suddenly go silent...
>
> Might want to watch the behavior of your Inbound Helpdesk Queues in
> relation to this
> event...

User Access Verification

Username: rviews
route-views.oregon-ix.net>terminal length 0
route-views.oregon-ix.net>show ip bgp regex _27595
morrowc at u2:~/scripts/route-views$

no routes with their as in the path (that I can see on routeviews)

looking for: 67.210.0.0/20 shows me, however:

    Network          Next Hop            Metric LocPrf Weight Path
*  67.210.0.0/21    193.0.0.56                             0 3333 19151 
27595 i
*                   207.172.6.20            86             0 6079 6461 
32335 27595 i
*                   194.85.4.55                            0 3277 3216 
19151 27595 i
*                   66.185.128.48          514             0 1668 6461 
32335 27595 i
*                   89.149.178.10           10             0 3257 19151 
27595 i
*                   157.130.10.233                         0 701 1239 
19151 27595 i

.
.
.

grrr, my regex search is busticated :( damn I got all giddy :( (I had a 
spare " " at the end of my regex)

Amorrowc at u2:~/scripts/route-views$ ./pull-provider-routes.exp "27595" | 
egrep "^.. [123456789]"
*  64.28.176.0/20   193.0.0.56                             0 3333 19151 27595 i
*  67.210.0.0/21    193.0.0.56                             0 3333 19151 27595 i
*  67.210.8.0/22    193.0.0.56                             0 3333 19151 27595 i
*  67.210.14.0/23   193.0.0.56                             0 3333 19151 27595 i
*  69.22.162.0/23   193.0.0.56                             0 3333 6461 32335 27595 i
*  69.22.168.0/21   193.0.0.56                             0 3333 19151 27595 i
*  69.22.184.0/22   193.0.0.56                             0 3333 19151 27595 i
*  69.31.64.0/20    193.0.0.56                             0 3333 19151 27595 i
*  69.50.160.0/19   193.0.0.56                             0 3333 19151 27595 i
*  69.50.173.0/24   193.0.0.56                             0 3333 19151 27595 i
*  69.50.182.0/23   193.0.0.56                             0 3333 19151 27595 i

Sorry for the false alarm. Looks like 'wednesday or thursday' for wvfiber 
is longer than 'thursday eastern time'...

-Chris


>
> GW
> 855 - Bell Aliant
>
>> -----Original Message-----
>> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
>> Chris Morrow
>> Sent: Friday, September 12, 2008 12:26 AM
>> To: nsp-security at puck.nether.net
>> Subject: [nsp-sec] intercage/atrivo
>>
>> ----------- nsp-security Confidential --------
>>
>>
>> no more routes?? (according to route-views I think?)
>>
>> -chris
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
>> community. Confidentiality is essential for effective Internet
> security counter-measures.
>> _______________________________________________
>

More information about the nsp-security mailing list