nanog mailing list archives
Re: Regarding smaller prefix for hijack protection
From: Arturo Servin <arturo.servin () gmail com>
Date: Thu, 30 Aug 2012 10:08:01 -0400
Or better. Sign your prefixes and create ROAs to monitor any suspicious activity.

There is an app for that: http://bgpmon.net

Besides the normal service, you can also use RPKI data to trigger alarms of possible hijacks:

http://www.labs.lacnic.net/rpkitools/looking_glass/

You can query periodically with a simple curl/wget to see if your prefix is valid or invalid (possibly hijacked), e.g.

http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.7.84.0/23

Polluting the routing table to protect against hijacks should be the last option and against an attack that is happening, and not for "just in case".

Regards,
/as

On 30 Aug 2012, at 08:00, Suresh Ramasubramanian wrote:
> You might find your /24 routes filtered out at a lot of places that do have sensible route filtering.
>
> But then yes, it'd protect you against the idiots who don't know bgp from a hole in the ground anyway and let whatever hijacking happen.
>
> But I'd suggest do whatever such announcement if and only if you see a hijack, as a mitigation measure.
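The valid/invalid state that the message suggests polling for comes from route origin validation (RFC 6811). The following is an added example, not part of the original message and not the LACNIC tool's code: it runs that check locally over a constructed ROA and constructed announcements. The ROA's maxLength of 23 and the ASNs (AS64500, AS64511, both documentation ASNs) are assumptions; only the prefix 200.7.84.0/23 comes from the message.

```python
import ipaddress

# Constructed ROA set: (prefix, maxLength, origin ASN). The prefix is the one
# in the message; AS64500 is a documentation ASN standing in for the holder.
ROAS = [("200.7.84.0/23", 23, 64500)]


def validate(prefix, origin_asn, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if the route is equal to or inside its prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS0 in a ROA never matches; length must not exceed maxLength.
        if roa_asn != 0 and roa_asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one ROA but matched by none: possible hijack.
    return "invalid" if covered else "not-found"


def alarms(observed, roas=ROAS):
    """Return the observed (prefix, origin) pairs that validate as invalid."""
    return [(p, a) for p, a in observed if validate(p, a, roas) == "invalid"]


# Constructed announcements as a route monitor might report them.
OBSERVED = [
    ("200.7.84.0/23", 64500),    # holder's own announcement
    ("200.7.84.0/23", 64511),    # same prefix, different origin
    ("200.7.85.0/24", 64511),    # more specific, different origin
    ("200.7.84.0/24", 64500),    # holder's own /24, longer than maxLength 23
    ("198.51.100.0/24", 64511),  # no covering ROA
]

if __name__ == "__main__":
    for p, a in OBSERVED:
        print(f"{p:18} AS{a:<6} {validate(p, a)}")
```

With maxLength 23, the holder's own /24 also validates as invalid, so a more-specific announcement made as mitigation needs a ROA that permits that length.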