Home page logo
/

nanog logo nanog mailing list archives

Re: Anyone notice strange announcements for 174.128.31.0/24
From: sandy () tislabs com (Sandy Murphy)
Date: Tue, 13 Jan 2009 15:41:46 -0500 (EST)

It should be pointed out that pre-provisioned AS_Path filters and  
prefix-lists would actually be effective at defeating this and  
preventing someone who is actually malicious from using this  
technique.  This is an excellent argument for implementing SIDR...

Finally we agree.  Although I am not certain SIDR is the optimal  
answer, we agree it would solve the problem.

The sidr wg is working on protection of the origination of the
route - so the origin AS in the AS_PATH is known to be authorized
to originate routes to the prefix.

That's not full AS_PATH protection.  sidr is not doing full AS_PATH protection.

Yet.

Protecting the origination is not sufficient, everyone recognizes that.
But protecting the origination is necessary for eventual full AS_PATH
protection, so we're not wasting our time, either.

Feel free to chime in on the sidr list about wanting full path protection.
As loud as you like.

--Sandy


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault