Attacks on BGP Routing Ranges

• Subject: Attacks on BGP Routing Ranges
• From: rdobbins at arbor.net (Roland Dobbins)
• Date: Thu, 19 Apr 2018 10:01:46 +0700
• In-reply-to: <[email protected]>
• References: <[email protected]> <CAAeewD9y+6[email protected]> <[email protected]>

On 18 Apr 2018, at 18:03, Ryan Hamel wrote:

>  Could you explain how this can resolve my issue? I am not sure how 
> this would work.

You should have iACLs and GTSM enabled, as noted previously.

Ideally, the link should come from an unadvertised range, or a range 
which is sunk to null0 at the edge, as Job indicated.

If the link is numbered from a range assigned to your peer, they should 
have iACLs in place to prevent that range being packeted.

If the link is numbered from your own range, you should ask your peer to 
add that range to their iACLs, as well.

This .pdf preso discusses infrastructure self-protection concepts:

<https://app.box.com/s/osk4po8ietn1zrjjmn8b>

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

• Follow-Ups:
  • Attacks on BGP Routing Ranges
    • From: jean at ddostest.me (Jean | ddostest.me)

• References:
  • Attacks on BGP Routing Ranges
    • From: Ryan.Hamel at quadranet.com (Ryan Hamel)
  • Attacks on BGP Routing Ranges
    • From: saku at ytti.fi (Saku Ytti)
  • Attacks on BGP Routing Ranges
    • From: Ryan.Hamel at quadranet.com (Ryan Hamel)

• Prev by Date: Suggestion for Layer 3, all SFP+ switches
• Next by Date: Attacks on BGP Routing Ranges
• Previous by thread: Attacks on BGP Routing Ranges
• Next by thread: Attacks on BGP Routing Ranges
• Index(es):
  • Date
  • Thread