BGP prefix filter list

John Kristoff jtk at depaul.edu
Mon May 20 23:26:48 UTC 2019


On Mon, 20 May 2019 23:09:02 +0000
Seth Mattinen <sethm at rollernet.us> wrote:

> A good start would be killing any /24 announcement where a covering 
> aggregate exists.

I wouldn't do this as a general rule.  If an attacker knows networks are
1) not pointing default, 2) dropping /24's, 3) not validating the
aggregates, and 4) no actual legitimate aggregate exists, (all
reasonable assumptions so far for many /24's), then they have a pretty
good opportunity to capture that traffic.

John
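
Added example, not part of the original message: the Python below applies the quoted rule with the safeguard the reply points to, dropping a /24 only when a covering aggregate passes origin validation. Using RPKI-style ROAs as the validation source is an assumption, and all prefixes, ASNs and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: private address space and documentation ASNs.
ROAS = [("10.1.0.0/16", 24, 64500)]           # (prefix, max length, origin ASN)
RIB = [                                        # (prefix, origin ASN)
    ("10.1.0.0/16", 64500), ("10.1.5.0/24", 64500),   # validated aggregate
    ("10.2.0.0/16", 64511), ("10.2.7.0/24", 64501),   # aggregate with no ROA
    ("10.3.9.0/24", 64502),                            # no aggregate at all
]

def covers(outer, inner):
    """True if network `outer` contains network `inner` (same IP version)."""
    return outer.version == inner.version and inner.subnet_of(outer)

def rov_state(prefix, origin, roas):
    """Route origin validation in the style of RFC 6811."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        if covers(ipaddress.ip_network(roa_prefix), net):
            covered = True
            if origin == roa_asn and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "notfound"

def filter_decisions(rib, roas):
    """Decide per /24: drop only when a covering aggregate is origin-validated."""
    decisions = {}
    for prefix, _origin in rib:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen != 24:
            continue
        aggregates = [(p, o) for p, o in rib
                      if ipaddress.ip_network(p).prefixlen < 24
                      and covers(ipaddress.ip_network(p), net)]
        if not aggregates:
            decisions[prefix] = ("keep", "no covering aggregate")
        elif any(rov_state(p, o, roas) == "valid" for p, o in aggregates):
            decisions[prefix] = ("drop", "covering aggregate is validated")
        else:
            decisions[prefix] = ("keep", "covering aggregate is not validated")
    return decisions

if __name__ == "__main__":
    for prefix, (action, reason) in filter_decisions(RIB, ROAS).items():
        print(f"{prefix:<14} {action:<5} {reason}")
```

With the sample data, only 10.1.5.0/24 is dropped; 10.2.7.0/24 is kept because its covering /16 has no matching ROA.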


