nanog mailing list archives
RE: Is AS information useful for security?
From: Drew Weaver <drew.weaver () thenap com>
Date: Thu, 15 Dec 2011 11:28:48 -0500
-----Original Message----- From: Justin M. Streiner [mailto:streiner () cluebyfour org] Sent: Thursday, December 15, 2011 9:45 AM To: nanog () nanog org Subject: Re: Is AS information useful for security?
origin-AS could be another story. If you know of an AS that is being used by the bad guys for bad purposes, you can write a routing policy to dump all traffic to/from that AS into the bit bucket or take some other action that could be dictated by your security policy. In that case, a routing policy could be >considered an extension of a security policy.
I could be wrong here but I believe origin-AS uses a lookup from the routing table to figure out what the originAS for the source IP should be (and not what it explicitly IS) which means the information is unreliable. For example if someone is sending spoofed packets towards you the origin AS will always show up as the originator of the real route instead of the origin AS of the actual traffic. This is why it would be useful to have the originAS (from the actual origin) in the packet header. Thanks, -Drew
Current thread:
- Is AS information useful for security? Joe Loiacono (Dec 15)
- Re: Is AS information useful for security? Justin M. Streiner (Dec 15)
- RE: Is AS information useful for security? Drew Weaver (Dec 15)
- Re: Is AS information useful for security? Paolo Lucente (Dec 15)
- Re: Is AS information useful for security? Patrick Sumby (Dec 16)
- Re: Is AS information useful for security? Eric (Dec 15)
- RE: Is AS information useful for security? Drew Weaver (Dec 15)
- Re: Is AS information useful for security? Justin M. Streiner (Dec 15)