[155913] in North American Network Operators' Group
Re: Regarding smaller prefix for hijack protection
daemon@ATHENA.MIT.EDU (Arturo Servin)
Thu Aug 30 10:09:08 2012
From: Arturo Servin <arturo.servin@gmail.com>
In-Reply-To: <CAArzuosLuG=tQdHVNN_UAUH6RV898+HMVVT9FLWvkez_jEcBwg@mail.gmail.com>
Date: Thu, 30 Aug 2012 10:08:01 -0400
To: Anurag Bhatia <me@anuragbhatia.com>
Cc: NANOG Mailing List <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Or better.
Sign your prefixes and create ROAs to monitor any suspicious activity.
There is an app for that:
http://bgpmon.net
Besides the normal service you can also use RPKI data to trigger alarms of possible hijacks
http://www.labs.lacnic.net/rpkitools/looking_glass/
You can query periodically with a simple curl/wget to see if your prefix is valid or invalid (possibly hijacked), e.g.
http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.7.84.0/23
Polluting the routing table to protect against hijacks should be the last option and against an attack that is happening, and not for "just in case".
Regards,
/as
On 30 Aug 2012, at 08:00, Suresh Ramasubramanian wrote:
> You might find your /24 routes filtered out at a lot of places that do
> have sensible route filtering
>
> But then yes, it'd protect you against the idiots who don't know bgp
> from a hole in the ground anyway and let whatever hijacking happen
>
> But I'd suggest do whatever such announcement if and only if you see a
> hijack, as a mitigation measure.
>
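
Added example, not part of the original message or of the LACNIC tool: the valid/invalid/not-found decision that an RPKI-based monitor makes for each announcement it sees, following RFC 6811 origin validation. The ROA's maxLength of 23 and the AS numbers (documentation ASNs) are constructed assumptions; only the prefix 200.7.84.0/23 comes from the message.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str      # prefix covered by the ROA
    max_length: int  # longest prefix length the origin may announce
    asn: int         # authorised origin AS

# Constructed ROA: the message's example prefix, assumed maxLength and ASN.
ROAS = [ROA("200.7.84.0/23", 23, 64496)]

def validate(prefix, origin_asn, roas=ROAS):
    """Classify one announcement as valid, invalid or not-found (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route when the route is equal to or inside its prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the right origin AND a length within maxLength.
        if origin_asn == roa.asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by some ROA but matched by none: the possible-hijack case.
    return "invalid" if covered else "not-found"

def alarms(announcements, roas=ROAS):
    """Announcements a monitor should alert on (validation state invalid)."""
    return [(p, a) for p, a in announcements if validate(p, a, roas) == "invalid"]

# Constructed sample of observed announcements: (prefix, origin AS).
SEEN = [
    ("200.7.84.0/23", 64496),  # the holder's own route
    ("200.7.84.0/23", 64511),  # same prefix, unauthorised origin
    ("200.7.84.0/24", 64511),  # more-specific from an unauthorised origin
    ("200.7.84.0/24", 64496),  # holder's own /24, longer than maxLength
    ("192.0.2.0/24", 64511),   # no covering ROA at all
]

if __name__ == "__main__":
    for prefix, asn in SEEN:
        print(f"{prefix:18} AS{asn}  {validate(prefix, asn)}")
```

The fourth sample shows that a holder's own more-specific announcement, used as a mitigation, also validates as invalid unless the ROA's maxLength allows that length.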