
netsec-sig - Re: [Security-WG] [External] Re: Seeking advice on BCP for ROAs....

Subject: Internet2 Network Security SIG

  • From:
  • To: Andrew Gallo <>
  • Cc:
  • Subject: Re: [Security-WG] [External] Re: Seeking advice on BCP for ROAs....
  • Date: Wed, 15 May 2019 11:24:02 -0400

>
> What's the opinion of having the DDoS vendor advertise the prefix using the
> original network's ASN, in which case, the original ROA would cover? Is
> that bad form in terms of routing?
>

I’m not sure that fixes anything. The DDoS vendor will need to advertise a
more specific, so you’re now stuck with creating many ROAs, or select an
optional prefix length to cover the more specifics. Either will allow a
hijacker to spoof your origin and advertise a more specific to effectively
divert traffic, all the while passing a validator test.



Attachment: smime.p7s
Description: S/MIME cryptographic signature
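
Added example, not part of the original message: a sketch of RFC 6811 route origin validation showing why a ROA whose maximum length covers unannounced more specifics lets a forged-origin announcement validate, plus a check that flags such ROAs. Prefixes and AS numbers are documentation values (constructed), and `loose_roas` is a hypothetical audit helper.

```python
import ipaddress

def validate(prefix, origin_asn, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this route
        # Only the origin AS and the prefix length are checked, not the AS path.
        if asn != 0 and asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def loose_roas(roas, announced):
    """Hypothetical audit helper: ROAs whose maxLength exceeds the longest
    prefix their AS actually originates inside them (or that cover nothing)."""
    flagged = []
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        lengths = []
        for p, a in announced:
            net = ipaddress.ip_network(p)
            if a == asn and net.version == roa_net.version and net.subnet_of(roa_net):
                lengths.append(net.prefixlen)
        if not lengths or max_len > max(lengths):
            flagged.append((roa_prefix, max_len, asn))
    return flagged

# Constructed sample data: RFC 5737 prefix, RFC 5398 AS number.
HOLDER = 64496
ANNOUNCED = [("203.0.113.0/24", HOLDER)]    # what the holder originates day to day
LOOSE = [("203.0.113.0/24", 25, HOLDER)]    # maxLength opened up for mitigation
MINIMAL = [("203.0.113.0/24", 24, HOLDER)]  # covers only what is announced

if __name__ == "__main__":
    for name, roas in (("loose", LOOSE), ("minimal", MINIMAL)):
        # A /25 carrying the holder's AS as origin, from any neighbor.
        state = validate("203.0.113.128/25", HOLDER, roas)
        print(name, state, loose_roas(roas, ANNOUNCED))
```
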



