nanog mailing list archives
Re: Great Suggestion for the DNS problem...?
From: Mikael Abrahamsson <swmike () swm pp se>
Date: Fri, 29 Aug 2008 08:46:28 +0200 (CEST)
On Thu, 28 Aug 2008, Brian Dickson wrote:
However, if *AS-path* filtering is done based on IRR data, specifically on the as-sets of customers and customers' customers etc., then the attack *can* be prevented.
Yes, but I can't do this for everybody else. Doing AS-path and prefix filtering (matching that a certain prefix can only be announced by a certain AS) doesn't scale in IOS for instance.
We do prefix filtering for OUR customers, but there is no feasable way for me to do this for everybody else. I think this needs to be fixed, but it involves something new that isn't present today, and I think it needs to involve vendors because they need to produce new code to handle it.
-- Mikael Abrahamsson email: swmike () swm pp se
Current thread:
- Re: Great Suggestion for the DNS problem...? Brian Dickson (Aug 28)
- Re: Great Suggestion for the DNS problem...? Alex Pilosov (Aug 28)
- Re: Great Suggestion for the DNS problem...? Brian Dickson (Aug 28)
- Re: Great Suggestion for the DNS problem...? Mikael Abrahamsson (Aug 28)
- Re: Great Suggestion for the DNS problem...? Alex Pilosov (Aug 28)