Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)
Max Tulyev
maxtul at netassist.ua
Mon May 23 16:03:43 UTC 2022
15.05.22 00:19, Nick Hilliard пише:
> a malicious actor will spoof the origin AS. The aim of RPKI to help
> stop mis-origination of prefixes, and the root cause of most of this is
> accidental.
To make a working hijack of the routed prefix (for sniffing traffic,
DDoS or something similar), you have to announce a more specific
prefix(es). It can be denied by RPKI.
If you signed RPKI prefix is still unannounced - yes, somebody can
hijack it by forging the origin ASN - that's quite easy.
More information about the NANOG
mailing list