[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Attacks on BGP Routing Ranges

Subject: Attacks on BGP Routing Ranges
From: jlewis at lewis.org (Jon Lewis)
Date: Wed, 18 Apr 2018 07:39:19 -0400 (EDT)
In-reply-to: <[email protected]>
References: <[email protected]>, <CAAeewD9y+62PqKZ4rNi9ibe0qsg3Do=Npw9WhuEGPtW4ZRDKNw@mail.gmail.com> <[email protected]>

On Wed, 18 Apr 2018, Ryan Hamel wrote:

>> c) do run BGP with GTSM, so you can drop BGP packets with lower TTL than 255
>
> Could you explain how this can resolve my issue? I am not sure how this would work.

If the issue is flooding to your interface IP, that's not a relevant 
countermeasure.  You're pretty much limited to asking the upstream to 
filter traffic to your interface IP, or asking them if you can renumber 
the interface into non-globally-routed IPs.  If they're unwilling to do 
either, "you've chosen the wrong transit provider" and should start 
shopping for replacements.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
                              |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

References:
- Attacks on BGP Routing Ranges
  - From: Ryan.Hamel at quadranet.com (Ryan Hamel)
- Attacks on BGP Routing Ranges
  - From: saku at ytti.fi (Saku Ytti)
- Attacks on BGP Routing Ranges
  - From: Ryan.Hamel at quadranet.com (Ryan Hamel)

Prev by Date: Attacks on BGP Routing Ranges
Next by Date: Suggestion for Layer 3, all SFP+ switches
Previous by thread: Attacks on BGP Routing Ranges
Next by thread: Attacks on BGP Routing Ranges
Index(es):
- Date
- Thread