[56605] in North American Network Operators' Group
Re: 69/8...this sucks -- Centralizing filtering..
daemon@ATHENA.MIT.EDU (Jack Bates)
Tue Mar 11 09:39:12 2003
From: "Jack Bates" <jbates@brightok.net>
To: "Iljitsch van Beijnum" <iljitsch@muada.com>,
"Todd A. Blank" <todd.blank@ipoutlet.com>
Cc: <nanog@merit.edu>
Date: Tue, 11 Mar 2003 08:34:10 -0600
Errors-To: owner-nanog-outgoing@merit.edu
From: "Iljitsch van Beijnum"
> Fortunately, in this particular case there is a solution on the horizon:
> S-BGP or soBGP. These BGP extensions authenticate all prefix
> announcements, so there is no longer any need to perform bogon filtering
> on routing information. uRPF can then be used to filter packets based on
> the contents of the routing table.
>
A majority of the filters in place are not BGP filters. They are firewall
rulesets designed to filter out hijacked and spoofed IP addresses to limit
DOS and illegitimate connections. S-BGP and soBGP will not solve the problem
for these people.
-Jack
