[174204] in North American Network Operators' Group
Re: Prefix hijacking, how to prevent and fix currently
daemon@ATHENA.MIT.EDU (Randy Bush)
Fri Aug 29 05:48:57 2014
X-Original-To: nanog@nanog.org
Date: Fri, 29 Aug 2014 18:48:47 +0900
From: Randy Bush <randy@psg.com>
To: Karsten Thomann <karsten_thomann@linfre.de>
In-Reply-To: <54004B4B.4050202@linfre.de>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
>>>>> Loose mode would drop failing routes, iff there is covering (i.e. less
>>>>> specific is ok) route already in RIB.
>>>> isn't that exactly the hole punching attack?
>>> No, as the the more specific route is signed and is preferred (longest
>>> match routing) against the less specific hijacked route
>> clearly i am missing something. got a write-up?
> sorry my mistake, you're right
been around this a few times. no magic pill found. would love to learn
of one. but one either wants to stop mis-originations or not.
but i would like to see an actual write-up of this 'loose mode' and
terse would be fine, heck preferred. :)
randy
