nanog mailing list archives
Re: Attacks on BGP Routing Ranges
From: "Roland Dobbins" <rdobbins () arbor net>
Date: Thu, 19 Apr 2018 10:01:46 +0700
On 18 Apr 2018, at 18:03, Ryan Hamel wrote:
Could you explain how this can resolve my issue? I am not sure how this would work.
You should have iACLs and GTSM enabled, as noted previously.Ideally, the link should come from an unadvertised range, or a range which is sunk to null0 at the edge, as Job indicated.
If the link is numbered from a range assigned to your peer, they should have iACLs in place to prevent that range being packeted.
If the link is numbered from your own range, you should ask your peer to add that range to their iACLs, as well.
This .pdf preso discusses infrastructure self-protection concepts: <https://app.box.com/s/osk4po8ietn1zrjjmn8b> ----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- Attacks on BGP Routing Ranges Ryan Hamel (Apr 18)
- Re: Attacks on BGP Routing Ranges Job Snijders (Apr 18)
- Re: Attacks on BGP Routing Ranges Ryan Hamel (Apr 18)
- Re: Attacks on BGP Routing Ranges Saku Ytti (Apr 18)
- Re: Attacks on BGP Routing Ranges Ryan Hamel (Apr 18)
- Re: Attacks on BGP Routing Ranges Jon Lewis (Apr 18)
- Re: Attacks on BGP Routing Ranges Saku Ytti (Apr 18)
- Re: Attacks on BGP Routing Ranges William Herrin (Apr 18)
- Re: Attacks on BGP Routing Ranges Roland Dobbins (Apr 18)
- Re: Attacks on BGP Routing Ranges Jean | ddostest.me via NANOG (Apr 19)
- Re: Attacks on BGP Routing Ranges Ryan Hamel (Apr 18)
- Re: Attacks on BGP Routing Ranges Job Snijders (Apr 18)
- RE: Attacks on BGP Routing Ranges Nikos Leontsinis (Apr 19)