nanog mailing list archives
Re: Suspecious anycast prefixes
From: Danny McPherson <danny () tcb net>
Date: Thu, 5 May 2011 11:39:32 -0400
On May 5, 2011, at 9:43 AM, David Miller wrote:
In a properly functioning system - folks that consume the service don't need to know which node they are utilizing.
Right, it doesn't matter IF things are functioning properly. If they're not, however...
Providing the capability for well behaved customers to select/prefer a particular node over another would also allow evildoers to select/prefer a particular node over others - thereby increasing the attack surface of this node, yes?
This isn't expressly about the capability to allow consumers to select one node of another, it's about transparency in which nodes they're using being visible in the control plane - there's no indication of that today. As for attack surface expanse, no. You could largely already accomplish something of this sort today in the elements of the forwarding path you influence if you were an evildoer aiming to do such a thing. -danny
Current thread:
- Re: Suspecious anycast prefixes, (continued)
- Re: Suspecious anycast prefixes bmanning (May 05)
- Re: Suspecious anycast prefixes Yaoqing(Joey) Liu (May 05)
- Re: Suspecious anycast prefixes bmanning (May 05)
- Re: Suspecious anycast prefixes Yaoqing(Joey) Liu (May 09)
- Re: Suspecious anycast prefixes Randy Bush (May 10)
- Re: Suspecious anycast prefixes bmanning (May 05)
- Re: Suspecious anycast prefixes David Miller (May 03)
- Re: Suspecious anycast prefixes Danny McPherson (May 05)
- Re: Suspecious anycast prefixes David Miller (May 05)
- Re: Suspecious anycast prefixes Danny McPherson (May 05)
- Re: Suspecious anycast prefixes David Miller (May 05)
- Re: Suspecious anycast prefixes Danny McPherson (May 05)
- Re: Suspecious anycast prefixes bmanning (May 05)