BGP prefix filter list

Alejandro Acosta alejandroacostaalamo at gmail.com
Wed May 22 16:58:52 UTC 2019


Hello, you are totally right. The first reason that came to my mind is 
traffic engineering, but there are other reasons too.

On 5/22/19 12:40 PM, Tom Beecher wrote:
> There are sometimes legitimate reasons to have a covering aggregate 
> with some more specific announcements. Certainly there's a lot of 
> cleanup that many should do in this area, but it might not be the best 
> approach to this issue.
>
> On Tue, May 21, 2019 at 5:30 AM Alejandro Acosta 
> <alejandroacostaalamo at gmail.com> wrote:
>
>
>     On 5/20/19 7:26 PM, John Kristoff wrote:
>     > On Mon, 20 May 2019 23:09:02 +0000
>     > Seth Mattinen <sethm at rollernet.us> wrote:
>     >
>     >> A good start would be killing any /24 announcement where a covering
>     >> aggregate exists.
>     > I wouldn't do this as a general rule.  If an attacker knows networks are
>     > 1) not pointing default, 2) dropping /24's, 3) not validating the
>     > aggregates, and 4) no actual legitimate aggregate exists, (all
>     > reasonable assumptions so far for many /24's), then they have a pretty
>     > good opportunity to capture that traffic.
>
>
>     +1 John
>
>     Seth's approach could be an option _only_ if an aggregate exists for the
>     prefix && the origin AS is the same
>
>
>     > John
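
The condition discussed in this thread (filter a /24 only when a covering aggregate exists and has the same origin AS), sketched as an added example that is not part of any poster's message. The route table, verdict strings and function name are constructed for illustration.

```python
import ipaddress

# Constructed sample table of (prefix, origin AS): private address space and
# private-use AS numbers, not real routing data.
ROUTES = [
    ("10.10.0.0/16", 64500),   # aggregate
    ("10.10.5.0/24", 64500),   # more specific, same origin as its aggregate
    ("10.20.0.0/16", 64501),   # aggregate
    ("10.20.7.0/24", 64502),   # more specific, different origin
    ("10.30.9.0/24", 64503),   # /24 with no covering aggregate at all
]

FILTER_OK = "filter candidate: covering aggregate with same origin"
KEEP_ORIGIN = "keep: covering aggregate has a different origin"
KEEP_NO_AGG = "keep: no covering aggregate"


def classify_24s(routes):
    """Return {prefix: verdict} for every /24 in the table.

    A /24 is a filter candidate only if some shorter prefix in the same
    table covers it AND that prefix has the same origin AS. The origin is
    taken from the table as seen; it is not validated here.
    """
    table = [(ipaddress.ip_network(p), asn) for p, asn in routes]
    verdicts = {}
    for net, asn in table:
        if net.prefixlen != 24:
            continue
        covering = [
            agg_asn
            for agg, agg_asn in table
            if agg.version == net.version
            and agg.prefixlen < net.prefixlen
            and net.subnet_of(agg)
        ]
        if not covering:
            verdicts[str(net)] = KEEP_NO_AGG
        elif asn in covering:
            verdicts[str(net)] = FILTER_OK
        else:
            verdicts[str(net)] = KEEP_ORIGIN
    return verdicts


if __name__ == "__main__":
    for prefix, verdict in classify_24s(ROUTES).items():
        print(f"{prefix:<16} {verdict}")
```

Dropping the two "keep" cases would leave no route, or a route only toward a different origin, which is the situation John's reply describes.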
>