nanog mailing list archives

Re: Regarding smaller prefix for hijack protection
From: George Herbert <george.herbert () gmail com>
Date: Thu, 30 Aug 2012 15:48:41 -0700

On Thu, Aug 30, 2012 at 8:41 AM, William Herrin <bill () herrin us> wrote:
> On Thu, Aug 30, 2012 at 7:54 AM, Anurag Bhatia <me () anuragbhatia com> wrote:
>> Is using /24 a must to protect (a bit) against route hijacking?
>
> Hi Anurag,
>
> Not only is it _not_ a must, it doesn't work and it impairs your
> ability to detect the fault.
>
> In a route hijacking scenario, traffic for a particular prefix will
> flow to the site with the shortest AS path from the origin. Your /24
> competes with their /24. Half the Internet, maybe more maybe less
> depending on how well connected each of you are, will be inaccessible
> to you.

Preventively there seems to be no utility to this.

Reactively, after a hijacking starts, has anyone tried announcing both
(say) /24s for the block and (say) 2x /25s for it as well, to get
more-specific under the hijacker?  Yes, a lot of places will filter
and ignore, but those that don't ...

(Yes, sign your prefixes now, on general principles)

-george william herbert
george.herbert () gmail com
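
Added example, not part of the original message: a small Python model of the scenario discussed in this thread, in which each router drops prefixes longer than its import filter allows, prefers the longest matching prefix, and falls back to AS-path length between equal-length prefixes. The prefix 203.0.113.0/24, the router names, the path lengths and the filter limits are constructed for illustration, and other BGP best-path steps are ignored.

```python
import ipaddress

# Constructed scenario: 203.0.113.0/24 is a documentation prefix; router
# names, AS-path lengths and filter limits are hypothetical.
BLOCK = ipaddress.ip_network("203.0.113.0/24")

ROUTERS = {
    # name: (AS-path length to victim, to hijacker, longest prefix accepted)
    "near-victim":           (2, 4, 24),
    "near-hijacker-filters": (4, 2, 24),
    "near-hijacker-permits": (4, 2, 25),
}

def announcements(more_specifics):
    """Both parties originate the /24; the victim may add the two /25 halves."""
    routes = [(BLOCK, "victim"), (BLOCK, "hijacker")]
    if more_specifics:
        routes += [(half, "victim") for half in BLOCK.subnets(prefixlen_diff=1)]
    return routes

def best_origin(dest, routes, path_len, max_prefixlen):
    """Origin a single router forwards `dest` to.

    Simplified model: drop prefixes longer than the import filter allows,
    prefer the longest matching prefix, then the shortest AS path. Local
    preference, MED and other BGP tie-breakers are ignored.
    """
    addr = ipaddress.ip_address(dest)
    usable = [(net, origin) for net, origin in routes
              if addr in net and net.prefixlen <= max_prefixlen]
    if not usable:
        return None
    net, origin = max(usable, key=lambda r: (r[0].prefixlen, -path_len[r[1]]))
    return origin

def reachability(dest, more_specifics):
    """Map each sample router to the origin that receives traffic for `dest`."""
    routes = announcements(more_specifics)
    result = {}
    for name, (to_victim, to_hijacker, limit) in ROUTERS.items():
        path_len = {"victim": to_victim, "hijacker": to_hijacker}
        result[name] = best_origin(dest, routes, path_len, limit)
    return result

if __name__ == "__main__":
    for flag in (False, True):
        print("more-specifics announced:", flag, reachability("203.0.113.10", flag))
```

In this model only the router that accepts /25s moves back to the legitimate origin; the router that filters at /24 still follows the shorter AS path.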
