Regarding smaller prefix for hijack protection
- Subject: Regarding smaller prefix for hijack protection
- From: arturo.servin at gmail.com (Arturo Servin)
- Date: Thu, 30 Aug 2012 10:08:01 -0400
- In-reply-to: <CAArzuosLuG=tQdHVNN_UAUH6RV898+HMVVT9FLWvkez_jEcBwg@mail.gmail.com>
- References: <CAJ0+aXah=Ad4Jd8-fCGdottWiBKuO0cprYA-JKrTNeKbNpG79Q@mail.gmail.com> <CAArzuosLuG=tQdHVNN_UAUH6RV898+HMVVT9FLWvkez_jEcBwg@mail.gmail.com>
Or better.
Sign your prefixes and create ROAs to monitor any suspicious activity.
There is an app for that:
http://bgpmon.net
Besides the normal service, you can also use RPKI data to trigger alarms of possible hijacks:
http://www.labs.lacnic.net/rpkitools/looking_glass/
You can query periodically with a simple curl/wget to see if your prefix is valid or invalid (possibly hijacked), e.g. http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.7.84.0/23
Polluting the routing table to protect against hijacks should be the last option and against an attack that is happening, and not for "just in case".
Regards,
/as
On 30 Aug 2012, at 08:00, Suresh Ramasubramanian wrote:
> You might find your /24 routes filtered out at a lot of places that do
> have sensible route filtering
>
> But then yes, it'd protect you against the idiots who don't know BGP
> from a hole in the ground anyway and let whatever hijacking happen
>
> But I'd suggest do whatever such announcement if and only if you see a
> hijack, as a mitigation measure.
>
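Added example, not part of the original message or of any tool it mentions: a minimal RFC 6811 route origin validation check, showing how a ROA turns observed announcements into valid / invalid / not-found states that a monitor can alarm on. The ROA contents, the observed announcements and the ASNs (documentation ASNs from RFC 5398) are constructed; only the 200.7.84.0/23 prefix comes from the message.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str      # prefix the holder has authorized
    max_length: int  # longest prefix length the ROA permits
    asn: int         # authorized origin AS

# Constructed sample ROA: the /23 is the prefix quoted in the message; the ASN
# is a documentation ASN (RFC 5398), not the real origin of that prefix.
SAMPLE_ROAS = [ROA("200.7.84.0/23", 23, 64496)]

def validate(route, origin_asn, roas=SAMPLE_ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route if the route is equal to or inside its prefix.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # Match needs the right origin and a length within maxLength; AS0 never matches.
        if roa.asn != 0 and roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    # Covered by some ROA but matched by none: invalid (possible hijack).
    return "invalid" if covered else "not-found"

def check_announcements(announcements, roas=SAMPLE_ROAS):
    """Return the (route, origin_asn) pairs that should raise an alarm."""
    return [(r, a) for r, a in announcements if validate(r, a, roas) == "invalid"]

if __name__ == "__main__":
    seen = [  # constructed observations, e.g. from a route collector feed
        ("200.7.84.0/23", 64496),  # the holder's own announcement
        ("200.7.84.0/23", 64511),  # same prefix, unauthorized origin
        ("200.7.85.0/24", 64511),  # more-specific, unauthorized origin
        ("200.7.84.0/24", 64496),  # holder's own more-specific, exceeds maxLength
        ("192.0.2.0/24", 64500),   # no covering ROA
    ]
    for route, asn in seen:
        print(f"{route:<16} AS{asn:<6} {validate(route, asn)}")
```

With maxLength 23 the holder's own /24 also validates as invalid, so announcing more-specifics as a mitigation requires a ROA that permits that length.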