[AusNOG] Report on 1/8 traffic

Mark Newton newton at internode.com.au
Thu Apr 8 16:26:31 EST 2010


On 08/04/2010, at 2:58 PM, Terry Manderson wrote:

> blog it? ;-)

When we get time :-)

>> To be honest the carriers/isps are less of an issue - few of those want to actively get in the way of a customer packet.  Most of the issues are related to content.   Especially Banks.  Especially Banks with outsourced IT.   People who don't really grok da InterWebZ and this CIDR rubbish and are too paranoid to change anything.
> 
> Right, so that was presumably with allocations that were considered pristine? And like it or not the interweb users are part of the net too :-)

Cisco was one of my personal bugbears when APNIC started using 59/8 for
the first time.  

They had (have?) a feature called "autosecure" which sets up all kinds of
gunk on IOS routers, including a bogon ACL that can be applied to peering
edge interfaces.

At the time, the bogon ACL was hard-coded into the IOS.  I probably don't
need to explain how that worked out...

We're rapidly reaching the point where bogon ACLs will be completely worthless
because all the v4 address space will have been assigned, so these days my
advice to people is to delete their bogon ACLs rather than amend them.  Yes,
I know Cymru runs a perfectly functional BGP-primed dynamic bogon service, 
but frankly most corporates with the aforementioned outsourced IT departments
don't know, don't care, can't be bothered, and don't listen.

One of the worst offenders was a national chain of department stores which
also operates smaller aligned brands for office supplies, electronics, liquor,
fashion, and all kinds of other gunk.  Each of their brands appeared to have its
own firewall with its own security policy and its own team of minions to
look after it, and several of those teams interpreted my email and telephone
contacts as social engineering attacks which needed to be repelled, rather
than advice about how they'd objectively failed to correctly configure their
networks.  The consistency of their idiocy was so smooth, so rich and so 
thick that I can only conclude that it had some kind of KPIs associated
with it.  Words, at the time, failed me.


  - mark

--
Mark Newton                               Email:  newton at internode.com.au (W)
Network Engineer                          Email:  newton at atdot.dotat.org  (H)
Internode Pty Ltd                         Desk:   +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223

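Added example, not part of the original message: a Python audit that flags deny entries in a static IOS-style bogon ACL which overlap address space that has since been allocated, the failure mode described above for the hard-coded list. The sample ACL is constructed, and the allocated list holds only the two /8s named in this thread (1/8 and 59/8); the function names are illustrative.

```python
import ipaddress
import re

# The two /8s this thread names as allocated; a real audit would load the current registry data.
NOW_ALLOCATED = [ipaddress.ip_network("1.0.0.0/8"), ipaddress.ip_network("59.0.0.0/8")]

# Constructed sample of a static bogon ACL (not copied from any device or IOS release).
SAMPLE_ACL = """\
ip access-list extended BOGON-IN
 deny   ip 0.0.0.0 0.255.255.255 any
 deny   ip 1.0.0.0 0.255.255.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 58.0.0.0 1.255.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip host 192.0.2.1 any
 permit ip any any
"""

DENY_RE = re.compile(
    r"^\s*deny\s+ip\s+(?:host\s+(\S+)|(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+))\s"
)

def wildcard_to_network(addr, wildcard):
    """Turn an address + wildcard mask into a network; None if the wildcard is non-contiguous."""
    wc = int(ipaddress.ip_address(wildcard))
    if wc & (wc + 1):  # a contiguous wildcard is a run of 0 bits followed by a run of 1 bits
        return None
    base = int(ipaddress.ip_address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - wc.bit_length()))

def stale_entries(acl_text, allocated=NOW_ALLOCATED):
    """Return (acl line, denied network, allocated prefix) for each deny that hits allocated space."""
    findings = []
    for line in acl_text.splitlines():
        m = DENY_RE.match(line)
        if not m:
            continue
        host, addr, wildcard = m.groups()
        net = ipaddress.IPv4Network(host + "/32") if host else wildcard_to_network(addr, wildcard)
        if net is None:
            continue  # non-contiguous wildcard: leave for manual review
        for prefix in allocated:
            if net.overlaps(prefix):
                findings.append((line.strip(), str(net), str(prefix)))
    return findings

if __name__ == "__main__":
    for line, net, prefix in stale_entries(SAMPLE_ACL):
        print(f"{line!r} denies {net}, which overlaps allocated {prefix}")
```

The 58.0.0.0 entry shows why the wildcard has to be expanded rather than string-matched: it is a /7 that silently covers 59/8 as well.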






