Home page logo
/

nanog logo nanog mailing list archives

Re: Regarding smaller prefix for hijack protection
From: Andy Davidson <andy () nosignal org>
Date: Thu, 30 Aug 2012 17:59:56 +0100

On 30/08/12 12:54, Anurag Bhatia wrote:
Is using /24 a must to protect (a bit) against route hijacking? 

Announcing your, say /19 as 32 /24s does not prevent someone from trying
to hijack you, you will still get some disruption if someone tries, but
you might limit the scope of their success or the scope of your
perceived outage (which is why temporary shorter prefixes are announced
in order to limit the effects of hijacks, including in the example you
cited.)

Far more useful to monitor and take evasive action in the event of a hijack.

So can we conclude that one should always use /24 to make sure that they
loose as little as possible traffic during prefix hijacking?

There is not room for 4bn entries in the routing table.  You deserved to
be filtered off the net if you try this stunt !

Andy


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault