Phil, You would think, after hearing about 30 people with clue+++ talk, you may realize that this is a patently *bad* thing and should not be done. If your route's are being hijacked you can generally solve your problems in 2-5 phone calls...That's all it's *ever* taken me. 1. Call their NOC. 2. If not helpful call their upstream. 3. Call a couple of Tier 1's who are transit for their upstream, and have them filter it. Done deal, in the time that you've managed to call your ISP and (maybe) gotten about half the internet to reach you, you've solved the problem for the whole net and have ZERO reachability concerns. This is my first and last post to this ridiculous thread. Derek -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Phil Rosenthal Sent: Tuesday, August 06, 2002 2:44 PM To: 'E.B. Dreger'; nanog@merit.edu Subject: RE: Deaggregating for emergency purposes --- So explain how this is superior to DNS entr(y|ies) stating who your peers and upstreams are. And there's nothing to say that one could not specify allowed filters in DNS, too. If someone wants me to advertise 192.168.7/24, and DNS indicates the proper netblock is 192.168.0/19 and their ASN is not origin or adjacent hop, I'll be suspicious. What I do from there becomes a policy question; I probably would contact the IP block owner to verify the request. --- My way isn't superior at all to a secure BGP solution, but until that exists, I need a choice. I am definitely on the bandwagon for the need for a secure BGP. --Phil