wg-multicast - Re: [JOD7949] TEN-155 RedIRIS link
Subject: All things related to multicast
List archive
- From: Marshall Eubanks <>
- To: Bill Owens <>
- Cc: Miguel Angel Sotos - NOC <>, Rob Evans <>, , ,
- Subject: Re: [JOD7949] TEN-155 RedIRIS link
- Date: Thu, 01 Feb 2001 14:43:20 -0500
Bill Owens wrote:
> At 20:08 +0100 2/1/01, Miguel Angel Sotos - NOC wrote:
> >Sorry, it was not the BGP session, it was the MSDP peering.
> >We have limited the SA announcements to 24 Kbps (due to RAMEN) and
> >now we are receiving a burst of announcements.
> >It seems we are victims of a RAMEN attack.
> >Here is some example:
> >
> >EB-Madrid00#sh ip msdp sa-cache | incl 63.250.209.99
> >(63.250.209.99, 233.22.147.80), RP 206.190.40.61, MBGP/AS 5779,
> >00:10:30/00:05:40
> >(63.250.209.99, 233.22.147.81), RP 206.190.40.61, MBGP/AS 5779,
> >00:10:30/00:05:40
> >(63.250.209.99, 233.22.147.121), RP 206.190.40.61, MBGP/AS 5779,
> >00:10:30/00:05:39
> >(63.250.209.99, 233.22.147.122), RP 206.190.40.61, MBGP/AS 5779,
> >00:10:30/00:05:39
> >. . .
> >
> >EB-Madrid00#sh ip msdp sa-cache | incl 63.250.209.148
> >(63.250.209.148, 233.22.147.82), RP 206.190.40.61, MBGP/AS 5779,
> >00:10:58/00:05:12
> >(63.250.209.148, 233.22.147.83), RP 206.190.40.61, MBGP/AS 5779,
> >00:10:58/00:05:12
> >(63.250.209.148, 233.22.147.125), RP 206.190.40.61, MBGP/AS 5779,
> >00:10:58/00:05:11
> >(63.250.209.148, 233.22.147.126), RP 206.190.40.61, MBGP/AS 5779,
> >00:10:58/00:05:11
>
> Those machines are not ramen infected (a quick check is to telnet to
> port 27374; an infected machine will answer, a clean one will not).
> The're located at broadcast.com, and are sending SAs for
> broadcast.com's GLOP space, corresponding to their ASN 5779. For
> details on GLOP addressing, see RFC2770. For details on why
> broadcast.com uses so many group addresses, you'll have to ask them
> ;) I've been fooled by this same set of advertisements myself, while
> looking for ramen-infected machines. . .
>
> Bill.
AS 5779 consistently uses about 500 + X groups and 500 X + 3 sources, with
X increasing by about one group per week. Occasionally they show up
in SDR, and you can generally get the fashion show from their web site.
Hey, don't complain - they're actually using multicasting.
Regards
Marshall Eubanks
T.M. Eubanks
Multicast Technologies, Inc
10301 Democracy Lane, Suite 410
Fairfax, Virginia 22030
Phone : 703-293-9624
Fax : 703-293-9609
e-mail :
http://www.on-the-i.com http://www.buzzwaves.com
- Re: [JOD7949] TEN-155 RedIRIS link, Miguel Angel Sotos - NOC, 02/01/2001
- Re: [JOD7949] TEN-155 RedIRIS link, Bill Owens, 02/01/2001
- Re: [JOD7949] TEN-155 RedIRIS link, Marshall Eubanks, 02/01/2001
- Re: [JOD7949] TEN-155 RedIRIS link, Jan Novak, 02/02/2001
- Re: [JOD7949] TEN-155 RedIRIS link, Bill Owens, 02/01/2001
Archive powered by MHonArc 2.6.16.