BGP prefix filter list
jtk at depaul.edu
Mon May 20 23:26:48 UTC 2019
On Mon, 20 May 2019 23:09:02 +0000
Seth Mattinen <sethm at rollernet.us> wrote:
> A good start would be killing any /24 announcement where a covering
> aggregate exists.
I wouldn't do this as a general rule. If an attacker knows networks are
1) not pointing default, 2) dropping /24's, 3) not validating the
aggregates, and 4) no actual legitimate aggregate exists, (all
reasonable assumptions so far for many /24's), then they have a pretty
good opportunity to capture that traffic.
More information about the NANOG