[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Attacks on BGP Routing Ranges

On Wed, 18 Apr 2018, Ryan Hamel wrote:

>> c) do run BGP with GTSM, so you can drop BGP packets with lower TTL than 255
> Could you explain how this can resolve my issue? I am not sure how this would work.

If the issue is flooding to your interface IP, that's not a relevant 
countermeasure.  You're pretty much limited to asking the upstream to 
filter traffic to your interface IP, or asking them if you can renumber 
the interface into non-globally-routed IPs.  If they're unwilling to do 
either, "you've chosen the wrong transit provider" and should start 
shopping for replacements.

  Jon Lewis, MCP :)           |  I route
                              |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________