Re: BGP prefix filter list

[Ca By <cb.list6 () gmail com>]

On Mon, May 20, 2019 at 5:59 PM Seth Mattinen <sethm () rollernet us> wrote:

> On 5/20/19 4:26 PM, John Kristoff wrote:
> > On Mon, 20 May 2019 23:09:02 +0000
> > Seth Mattinen<sethm () rollernet us>  wrote:
> >
> > > A good start would be killing any /24 announcement where a covering
> > > aggregate exists.
> > I wouldn't do this as a general rule.  If an attacker knows networks are
> > 1) not pointing default, 2) dropping /24's, 3) not validating the
> > aggregates, and 4) no actual legitimate aggregate exists, (all
> > reasonable assumptions so far for many /24's), then they have a pretty
> > good opportunity to capture that traffic.
>
>
> I'm talking about the case where someone has like a /20 and announces
> the /20 plus every /24 it contains. I regard those as garbage
> announcements.


The lesson for all is — do not expect /24s to reach all edges.  People have
been doing this since we hit 512k routes, and will do it more often,
regardless of how much shade you throw on this mailer.

Like NAT, this is another way that IPv4 is buckling


>