BGP prefix filter list
sethm at rollernet.us
Tue May 21 00:57:31 UTC 2019
On 5/20/19 4:26 PM, John Kristoff wrote:
> On Mon, 20 May 2019 23:09:02 +0000
> Seth Mattinen <sethm at rollernet.us> wrote:
>> A good start would be killing any /24 announcement where a covering
>> aggregate exists.
> I wouldn't do this as a general rule. If an attacker knows networks are
> 1) not pointing default, 2) dropping /24's, 3) not validating the
> aggregates, and 4) no actual legitimate aggregate exists, (all
> reasonable assumptions so far for many /24's), then they have a pretty
> good opportunity to capture that traffic.
I'm talking about the case where someone has like a /20 and announces
the /20 plus every /24 it contains. I regard those as garbage announcements.
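
Added example, not part of the original post: one way to list the announcements discussed in this thread, meaning /24s whose covering aggregate is present in the same table. Matching on the same origin AS, the function name, and the sample routes are assumptions of this example; a /24 with no aggregate in the table is never flagged, which is the case raised in the quoted reply.

```python
import ipaddress
from collections import defaultdict

# Constructed sample table of (prefix, origin AS). Benchmark/documentation
# prefixes and private-use ASNs only; not taken from a real routing table.
SAMPLE_ROUTES = [
    ("198.18.0.0/20", 64500),   # aggregate
    ("198.18.0.0/24", 64500),   # covered by the /20, same origin
    ("198.18.1.0/24", 64500),   # covered by the /20, same origin
    ("198.18.5.0/24", 64511),   # covered, but a different origin: keep
    ("203.0.113.0/24", 64501),  # no covering aggregate in the table: keep
    ("192.0.2.0/24", 64502),    # no covering aggregate in the table: keep
]


def redundant_more_specifics(routes, length=24):
    """Return (prefix, origin, aggregate) for every /`length` route that is
    covered by a less-specific route with the same origin AS in `routes`."""
    aggregates = defaultdict(set)  # origin AS -> set of less-specific networks
    parsed = []
    for prefix, origin in routes:
        net = ipaddress.ip_network(prefix)
        parsed.append((net, origin))
        if net.prefixlen < length:
            aggregates[origin].add(net)

    redundant = []
    for net, origin in parsed:
        if net.prefixlen != length:
            continue
        # Walk up the supernets, longest first, instead of scanning every
        # aggregate; stop at the first one actually present in the table.
        for plen in range(length - 1, -1, -1):
            parent = net.supernet(new_prefix=plen)
            if parent in aggregates[origin]:
                redundant.append((str(net), origin, str(parent)))
                break
    return redundant


if __name__ == "__main__":
    for prefix, origin, aggregate in redundant_more_specifics(SAMPLE_ROUTES):
        print(f"{prefix} AS{origin} is covered by {aggregate}")
```

The output is a candidate list for review or for generating a filter, not a filter in itself; whether the aggregate was validated is outside what this check looks at.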