[140219] in North American Network Operators' Group


Re: Suspecious anycast prefixes

daemon@ATHENA.MIT.EDU (Danny McPherson)
Thu May 5 11:40:42 2011

From: Danny McPherson <danny@tcb.net>
In-Reply-To: <4DC2A998.7080000@tiggee.com>
Date: Thu, 5 May 2011 11:39:32 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On May 5, 2011, at 9:43 AM, David Miller wrote:

> In a properly functioning system - folks that consume the service
> don't need to know which node they are utilizing.

Right, it doesn't matter IF things are functioning properly.  If they're
not, however...

> Providing the capability for well behaved customers to select/prefer a
> particular node over another would also allow evildoers to select/prefer
> a particular node over others - thereby increasing the attack surface of
> this node, yes?

This isn't expressly about the capability to allow consumers to select
one node of another, it's about transparency in which nodes they're
using being visible in the control plane - there's no indication of that
today.

As for attack surface expanse, no.  You could largely already accomplish
something of this sort today in the elements of the forwarding path you
influence if you were an evildoer aiming to do such a thing.

-danny

