cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1997-04-28 - Re: Staale & Elm

Header Data

From: Rabid Wombat <wombat@mcfeely.bsfs.org>
To: Eric Murray <ericm@lne.com>
Message Hash: 00aa0c3284b7614e5281bd037ebed6efbea6f0842f29cab60f41b2be0e741ad8
Message ID: <Pine.BSF.3.91.970428094829.2715J-100000@mcfeely.bsfs.org>
Reply To: <199704280005.RAA18503@slack.lne.com>
UTC Datetime: 1997-04-28 15:20:38 UTC
Raw Date: Mon, 28 Apr 1997 08:20:38 -0700 (PDT)

Raw message

From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 28 Apr 1997 08:20:38 -0700 (PDT)
To: Eric Murray <ericm@lne.com>
Subject: Re: Staale & Elm
In-Reply-To: <199704280005.RAA18503@slack.lne.com>
Message-ID: <Pine.BSF.3.91.970428094829.2715J-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> > I have been noticing a problem contacting sites all over Northern and Central
> > Europe.
> > 

Sprint's network was somewhat overloaded due to the bogus routes
redirecting traffic onto their network. I doubt the problem spread as far
as Europe, at least on a widespread basis. We have about 200 sites
worldwide, only a few actually connected to Sprint. We only saw
intermittent failures reaching some sites for about an hour. 

The problem occured at about 11:30 a.m. EDT, when the routers in question 
began sending invalid paths. The routers were shutdown at 12:15. 
Re-convergence might have taken another 20 mins. or so.

>   A problem at an Internet service provider in Virginia
>   triggered a massive logjam on the Internet Friday, but
>   the trouble was cleared up later in the day, Sprint
>   Corp. said. A customer of MAI Network Services, a
>   McLean, Va.-based Internet provider that is among
>   900 companies that buy wholesale access to the Net
>   from Sprint, entered 10,000 duplicate routes to the
>   Internet backbone.   That caused massive access delays for
>   an undetermined number of users, a Sprint spokes
>   man said. 


FLX. ASN 7007.

The Sprint router took in 72,000 bogus routes from the downstream 
source before it crapped out. A lot of traffic ended up being re-directed 
to Sprint as a result of the route problem, causing them to haul higher 
than normal levels of traffic.


> 
> 
> I wonder how long it'll be possible for unauthenticated/unapproved people to
> mess around with routers.

Sprint probably should have been filtering routes / AS_PATH (insert debate
here) from its downstreams. This is a management challenge, but Bad
Things(tm) can happen if you don't. 

> can't bring down the whole net, they'll just pass a law requiring
> that anyone who wants the 'enable' password to a cisco have first
> passed a government-approved "Internet Administrators Class" and
> gotten a license.

Why are you picking on Cisco? The equipment in question was a pair of Bay
Networks BLN routers. The jury is still out as to whether this was a Bay
bug or a config screw-up. 

-r.w.

Thread