nanog mailing list archives

Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)

From: Saku Ytti <saku () ytti fi>
Date: Tue, 24 May 2022 11:30:42 +0300

On Tue, 24 May 2022 at 11:23, Max Tulyev <maxtul () netassist ua> wrote:

To make a working hijack of the routed prefix (for sniffing traffic,
DDoS or something similar), you have to announce a more specific
prefix(es). It can be denied by RPKI.

If you signed RPKI prefix is still unannounced - yes, somebody can
hijack it by forging the origin ASN - that's quite easy.


This axiomatically assumes first come, first serve, which is obviously
not complete understanding of BGP best path algorithm.

-- 
  ++ytti

Current thread:

RE: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Jakob Heitz (jheitz) via NANOG (May 12)
- Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Mark Tinka (May 12)
- Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Saku Ytti (May 13)
  - RE: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Jakob Heitz (jheitz) via NANOG (May 13)
    - Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Mark Tinka (May 13)
    - Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Saku Ytti (May 14)
    - RE: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Jakob Heitz (jheitz) via NANOG (May 15)
    - Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Hank Nussbacher (May 14)
    - Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Nick Hilliard (May 14)
    - Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Max Tulyev (May 24)
    - Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Saku Ytti (May 24)
    - Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Randy Bush (May 14)
- <Possible follow-ups>
- RE: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Jakob Heitz (jheitz) via NANOG (May 24)
  - Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Geoff Huston (May 24)