Home page logo
/

nanog logo nanog mailing list archives

Re: Regarding smaller prefix for hijack protection
From: Arturo Servin <arturo.servin () gmail com>
Date: Thu, 30 Aug 2012 10:08:01 -0400


        Or better.

        Sign your prefixes and create ROAs to monitor any suspicious activity.

        There is an app for that:

http://bgpmon.net 
Besides the normal service you can use also RPKI data to trigger alarms of possible hijacks

http://www.labs.lacnic.net/rpkitools/looking_glass/ 
You can query periodically with a simple curl/wget to see if your prefix is valid or invalid (possibly hijacked), e.g. 
http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.7.84.0/23

        Polluting the routing table to protect against hijacks should be the last option and against an attack that is 
happening, and not for "just in case".

Regards,
/as



On 30 Aug 2012, at 08:00, Suresh Ramasubramanian wrote:

You might find your /24 routes filtered out at a lot of places that do
have sensible route filtering

But then yes, it'd protect you against the idiots who dont know bgp
from a hole in the ground anyway and let whatever hijacking happen

But I'd suggest do whatever such announcement if and only if you see a
hijack, as a mitigation measure.




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]