[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Great Suggestion for the DNS problem...?

Subject: Great Suggestion for the DNS problem...?
From: swmike at swm.pp.se (Mikael Abrahamsson)
Date: Fri, 29 Aug 2008 08:46:28 +0200 (CEST)
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On Thu, 28 Aug 2008, Brian Dickson wrote:

> However, if *AS-path* filtering is done based on IRR data, specifically 
> on the as-sets of customers and customers' customers etc., then the 
> attack *can* be prevented.

Yes, but I can't do this for everybody else. Doing AS-path and prefix 
filtering (matching that a certain prefix can only be announced by a 
certain AS) doesn't scale in IOS for instance.

We do prefix filtering for OUR customers, but there is no feasable way for 
me to do this for everybody else. I think this needs to be fixed, but it 
involves something new that isn't present today, and I think it needs to 
involve vendors because they need to produce new code to handle it.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se

References:
- Great Suggestion for the DNS problem...?
  - From: briand at ca.afilias.info (Brian Dickson)

Prev by Date: Generic network agreement template
Next by Date: IP Fragmentation
Previous by thread: Great Suggestion for the DNS problem...?
Next by thread: Revealed: The Internet's well known
Index(es):
- Date
- Thread