BGP prefix filter list

Tom Beecher beecher at beecher.cc
Wed May 22 16:40:09 UTC 2019


There are sometimes legitimate reasons to have a covering aggregate with
some more specific announcements. Certainly there's a lot of cleanup that
many should do in this area, but it might not be the best approach to this
issue.

On Tue, May 21, 2019 at 5:30 AM Alejandro Acosta <
alejandroacostaalamo at gmail.com> wrote:

>
> On 5/20/19 7:26 PM, John Kristoff wrote:
> > On Mon, 20 May 2019 23:09:02 +0000
> > Seth Mattinen <sethm at rollernet.us> wrote:
> >
> >> A good start would be killing any /24 announcement where a covering
> >> aggregate exists.
> > I wouldn't do this as a general rule.  If an attacker knows networks are
> > 1) not pointing default, 2) dropping /24's, 3) not validating the
> > aggregates, and 4) no actual legitimate aggregate exists, (all
> > reasonable assumptions so far for many /24's), then they have a pretty
> > good opportunity to capture that traffic.
>
>
> +1 John
>
> Seth's approach could be an option _only_ if the prefix has an aggregate
> && the origin ASes are the same
>
>
> > John
>
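
The condition discussed in this thread (drop a /24 only when a covering aggregate exists and has the same origin AS), as an added example that is not part of the original messages. The table is constructed sample data; comparing against the longest covering route rather than any covering route is an assumption of this sketch, and it does not check whether the aggregate itself is validly originated.

```python
import ipaddress

# Constructed sample table: prefix -> origin AS (RFC 1918 space, private-use ASNs).
SAMPLE_RIB = {
    "10.1.0.0/16": 64500,
    "10.1.5.0/24": 64500,   # covered, same origin
    "10.1.9.0/24": 64511,   # covered, different origin
    "10.2.3.0/24": 64501,   # no covering route at all
    "10.4.0.0/16": 64503,
    "10.4.0.0/20": 64504,
    "10.4.1.0/24": 64503,   # nearest cover (/20) has a different origin
}


def nearest_cover(net, table):
    """Return (prefix, origin) of the longest less-specific route covering net, or None."""
    best = None
    for other, origin in table.items():
        if other.prefixlen < net.prefixlen and net.subnet_of(other):
            if best is None or other.prefixlen > best[0].prefixlen:
                best = (other, origin)
    return best


def classify_24s(rib):
    """Map each /24 in rib to 'drop' or a 'keep: <reason>' string."""
    table = {ipaddress.ip_network(p): asn for p, asn in rib.items()}
    verdicts = {}
    for net, origin in table.items():
        if net.prefixlen != 24:
            continue
        cover = nearest_cover(net, table)
        if cover is None:
            # Dropping this /24 would leave no route to it without a default.
            verdicts[str(net)] = "keep: no covering aggregate"
        elif cover[1] != origin:
            # Dropping would shift traffic to a different origin AS.
            verdicts[str(net)] = f"keep: cover {cover[0]} has origin AS{cover[1]}"
        else:
            verdicts[str(net)] = "drop"
    return verdicts


if __name__ == "__main__":
    for prefix, verdict in classify_24s(SAMPLE_RIB).items():
        print(prefix, "->", verdict)
```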