nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 69/8...this sucks -- Centralizing filtering..

From: "Jack Bates" <jbates () brightok net>
Date: Tue, 11 Mar 2003 08:34:10 -0600


From: "Iljitsch van Beijnum"


Fortunately, in this particular case there is a solution on the horizon:
S-BGP or soBGP. These BGP extensions authenticate all prefix
announcements, so there is no longer any need to perform bogon filtering
on routing information. uRPF can then be used to filter packets based on
the contents of the routing table.


A majority of the filters in place are not BGP filters. They are firewall
rulesets designed to filter out hijacked and spoofed IP addresses to limit
DOS and illegitimate connections. S-BGP and soBGP will not solve the problem
for these people.

-Jack
Previous By Date Next
Previous By Thread Next

Current thread: