Suspicious anycast prefixes

Danny McPherson danny at tcb.net
Thu May 5 15:39:32 UTC 2011


On May 5, 2011, at 9:43 AM, David Miller wrote:

> In a properly functioning system - folks that consume the service don't need to know which node they are utilizing.

Right, it doesn't matter IF things are functioning properly.  If they're not, however...

> Providing the capability for well behaved customers to select/prefer a particular node over another would also allow evildoers to select/prefer a particular node over others - thereby increasing the attack surface of this node, yes?

This isn't expressly about the capability to allow consumers to select one node over another, it's about transparency in which nodes they're using being visible in the control plane - there's no indication of that today.

As for attack surface expanse, no.  You could largely already accomplish something of this sort today in the elements of the forwarding path you influence if you were an evildoer aiming to do such a thing.

-danny


