AT&T/as7018 now drops invalid prefixes from peers

Nick Hilliard nick at
Tue Feb 12 15:05:28 UTC 2019

Matthew Walster wrote on 12/02/2019 14:50:
> For initial deployment, this can seem attractive, but remember that one 
> of the benefits an ROA gives is specifying the maximum prefix length. 
> This means that someone can't hijack a /23 with a /24.

they can if they forge the source ASN.  RPKI helps against misconfigs 
rather than intentional hijackings.


More information about the NANOG mailing list