Regarding smaller prefix for hijack protection
Arturo Servin
arturo.servin at gmail.com
Thu Aug 30 14:08:01 UTC 2012
Or better.
Sign your prefixes and create ROAs to monitor any suspicious activity.
There is an app for that:
http://bgpmon.net
Besides the normal service you can use also RPKI data to trigger alarms of possible hijacks
http://www.labs.lacnic.net/rpkitools/looking_glass/
You can query periodically with a simple curl/wget to see if your prefix is valid or invalid (possibly hijacked), e.g. http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.7.84.0/23
Polluting the routing table to protect against hijacks should be the last option and against an attack that is happening, and not for "just in case".
Regards,
/as
On 30 Aug 2012, at 08:00, Suresh Ramasubramanian wrote:
> You might find your /24 routes filtered out at a lot of places that do
> have sensible route filtering
>
> But then yes, it'd protect you against the idiots who dont know bgp
> from a hole in the ground anyway and let whatever hijacking happen
>
> But I'd suggest do whatever such announcement if and only if you see a
> hijack, as a mitigation measure.
>
More information about the NANOG
mailing list