CloudFlare issues?

• Previous message (by thread): CloudFlare issues?
• Next message (by thread): CloudFlare issues?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2019-06-24 20:16, Mark Tinka wrote:
> 
> 
> On 24/Jun/19 16:11, Job Snijders wrote:
> 
>>
>>     - deploy RPKI based BGP Origin validation (with invalid == reject)
>>     - apply maximum prefix limits on all EBGP sessions
>>     - ask your router vendor to comply with RFC 8212 ('default deny')
>>     - turn off your 'BGP optimizers'
> 
> I cannot over-emphasize the above, especially the BGP optimizers.
> 
> Mark.
> 

+1

https://honestnetworker.net/2019/06/24/leaking-your-optimized-routes-to-stub-networks-that-then-leak-it-to-a-tier1-transit-that-doesnt-filter/



-- 
hugge

• Previous message (by thread): CloudFlare issues?
• Next message (by thread): CloudFlare issues?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]