nanog mailing list archives
Re: do not filter your customers
From: Danny McPherson <danny () tcb net>
Date: Thu, 23 Feb 2012 21:00:31 -0500
On Feb 23, 2012, at 1:44 AM, Randy Bush wrote:
a customer leaked a full table to smellstra, and they had not filtered. hence the $subject.
Ahh, this is I think the customer "leak" problem I'm trying to illustrate that an RPKI/BGPSEC-enabled world alone (as currently prescribed) does NOT protect against. If it can happen by accident, it can certainly serve as smoke screen or enable an actual targeted attack quite nicely by those so compelled.
and things when further downhill from there, when telstra also did not filter what they announced to their peers, and the peers went over prefix limits and dropped bgp.
Prefix limits are rather binary and indiscriminate, indeed. -danny
Current thread:
- do not filter your customers Randy Bush (Feb 22)
- RE: do not filter your customers Christian Nielsen (Feb 22)
- Re: do not filter your customers Randy Bush (Feb 22)
- Re: do not filter your customers Christopher Morrow (Feb 22)
- Re: do not filter your customers Randy Bush (Feb 22)
- Re: do not filter your customers Peter Ehiwe (Feb 22)
- Re: do not filter your customers Anurag Bhatia (Feb 23)
- Re: do not filter your customers Christopher Morrow (Feb 23)
- Re: do not filter your customers Randy Bush (Feb 22)
- Re: do not filter your customers Danny McPherson (Feb 23)
- Re: do not filter your customers Randy Bush (Feb 23)
- Re: do not filter your customers Danny McPherson (Feb 24)
- Re: do not filter your customers Steven Bellovin (Feb 24)
- Re: do not filter your customers goemon (Feb 24)
- Re: do not filter your customers Joe Maimon (Feb 24)
- RE: do not filter your customers Christian Nielsen (Feb 22)
- Re: do not filter your customers Danny McPherson (Feb 24)
- Re: do not filter your customers Christopher Morrow (Feb 24)
- Re: do not filter your customers Danny McPherson (Feb 24)
- Re: do not filter your customers Richard Barnes (Feb 24)
- Re: do not filter your customers Danny McPherson (Feb 24)