Attacks on BGP Routing Ranges

Nikos Leontsinis Nikos.Leontsinis at eu.equinix.com
Wed Apr 18 13:12:29 UTC 2018


You are not supposed to announce that range anyway as you shouldn't be announcing your infrastructure range for your protection. Ask your upstream providers not to expose that range too.
There are many ways around that: selective redistribution, or they can just protect that range. How they do it is none of your concern and there are many ways of achieving this. In my view this should be added to a best practice RFC. I am assuming that you are using that block just for your BGP session.

/nikos

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Ryan Hamel
Sent: Wednesday, April 18, 2018 11:38 AM
To: nanog at nanog.org
Subject: Attacks on BGP Routing Ranges

Hello,

I wanted to poll everyone's thoughts on how to deal with attacks directly on BGP peering ranges (/30's, /127's).

I know that sending an RTBH for our side of the upstream routing range does not resolve the issue, and it would actually make things worse by blackholing all inbound traffic on the carrier I send the null to. What are my options for carriers that are not willing to help investigate the situation or write up a firewall rule to mitigate it on the circuit? I am not a fan of naming and shaming because it has unintended consequences.

Thanks in advance for everyone's suggestions.

Ryan Hamel
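
An added example, not code from either poster: a small audit that checks whether any announced prefix makes a peering link range reachable. It goes beyond the exact-match case in the reply by also flagging covering aggregates, which expose the link addresses just as well unless filtered. The function name and all prefixes (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed sample data (RFC 5737 / RFC 3849 documentation ranges).
# Infrastructure ranges may be given as an interface address, e.g. 192.0.2.1/30.
INFRA_RANGES = ["192.0.2.1/30", "2001:db8:0:1::/127"]
ANNOUNCED = [
    "198.51.100.0/24",      # customer space, unrelated to the link nets
    "192.0.2.0/24",         # aggregate that contains the IPv4 /30
    "2001:db8:0:1::/127",   # the IPv6 link net itself leaked into BGP
    "203.0.113.0/24",
]


def audit_announcements(announced, infra_ranges):
    """Return (infra, announced, kind) for every announcement that makes an
    infrastructure range reachable.

    kind is 'exact' (the range itself is announced), 'more-specific'
    (a piece of the range is announced) or 'covering' (an aggregate
    containing the range is announced).
    """
    findings = []
    for infra_txt in infra_ranges:
        # strict=False accepts host bits, so router interface addresses work.
        infra = ipaddress.ip_network(infra_txt, strict=False)
        for ann_txt in announced:
            ann = ipaddress.ip_network(ann_txt, strict=False)
            if ann.version != infra.version:
                continue  # never compare IPv4 against IPv6
            if ann == infra:
                kind = "exact"
            elif ann.subnet_of(infra):
                kind = "more-specific"
            elif infra.subnet_of(ann):
                kind = "covering"
            else:
                continue
            findings.append((str(infra), str(ann), kind))
    return findings


if __name__ == "__main__":
    for infra, ann, kind in audit_announcements(ANNOUNCED, INFRA_RANGES):
        print(f"{infra} is reachable via announced {ann} ({kind})")
```

A 'covering' finding does not mean the aggregate must be withdrawn; it marks a link range that still needs an edge filter or similar protection.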