Anyone notice strange announcements for 174.128.31.0/24
Sandy Murphy
sandy at tislabs.com
Tue Jan 13 20:41:46 UTC 2009
>> It should be pointed out that pre-provisioned AS_Path filters and
>> prefix-lists would actually be effective at defeating this and
>> preventing someone who is actually malicious from using this
>> technique. This is an excellent argument for implementing SIDR...
>
>Finally we agree. Although I am not certain SIDR is the optimal
>answer, we agree it would solve the problem.
The sidr wg is working on protection of the origination of the
route - so the origin AS in the AS_PATH is known to be authorized
to originate routes to the prefix.
That's not full AS_PATH protection. sidr is not doing full AS_PATH protection.
Yet.
Protecting the origination is not sufficient, everyone recognizes that.
But protecting the origination is necessary for eventual full AS_PATH
protection, so we're not wasting our time, either.
Feel free to chime in on the sidr list about wanting full path protection.
As loud as you like.
--Sandy
More information about the NANOG
mailing list