Attacks on BGP Routing Ranges

Jon Lewis jlewis at lewis.org
Wed Apr 18 11:39:19 UTC 2018


On Wed, 18 Apr 2018, Ryan Hamel wrote:

>> c) do run BGP with GTSM, so you can drop BGP packets with lower TTL than 255
>
> Could you explain how this can resolve my issue? I am not sure how this would work.

If the issue is flooding to your interface IP, that's not a relevant 
countermeasure.  You're pretty much limited to asking the upstream to 
filter traffic to your interface IP, or asking them if you can renumber 
the interface into non-globally-routed IPs.  If they're unwilling to do 
either, "you've chosen the wrong transit provider" and should start 
shopping for replacements.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
                              |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


More information about the NANOG mailing list