Attacks on BGP Routing Ranges

• Previous message (by thread): Attacks on BGP Routing Ranges
• Next message (by thread): Attacks on BGP Routing Ranges
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 18 Apr 2018, Ryan Hamel wrote:

>> c) do run BGP with GTSM, so you can drop BGP packets with lower TTL than 255
>
> Could you explain how this can resolve my issue? I am not sure how this would work.

If the issue is flooding to your interface IP, that's not a relevant 
countermeasure.  You're pretty much limited to asking the upstream to 
filter traffic to your interface IP, or asking them if you can renumber 
the interface into non-globally-routed IPs.  If they're unwilling to do 
either, "you've chosen the wrong transit provider" and should start 
shopping for replacements.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
                              |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

• Previous message (by thread): Attacks on BGP Routing Ranges
• Next message (by thread): Attacks on BGP Routing Ranges
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]