BGP prefix filter list
cb.list6 at gmail.com
Tue May 21 01:29:37 UTC 2019
On Mon, May 20, 2019 at 5:59 PM Seth Mattinen <sethm at rollernet.us> wrote:
> On 5/20/19 4:26 PM, John Kristoff wrote:
> > On Mon, 20 May 2019 23:09:02 +0000
> > Seth Mattinen<sethm at rollernet.us> wrote:
> >> A good start would be killing any /24 announcement where a covering
> >> aggregate exists.
> > I wouldn't do this as a general rule. If an attacker knows networks are
> > 1) not pointing default, 2) dropping /24's, 3) not validating the
> > aggregates, and 4) no actual legitimate aggregate exists, (all
> > reasonable assumptions so far for many /24's), then they have a pretty
> > good opportunity to capture that traffic.
> I'm talking about the case where someone has like a /20 and announces
> the /20 plus every /24 it contains. I regard those as garbage
The lesson for all is — do not expect /24s to reach all edges. People have
been doing this since we hit 512k routes, and will do it more often,
regardless of how much shade you throw on this mailer.
Like NAT, this is another way that IPv4 is buckling
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NANOG