20 May 2019, 8:57 p.m.
On 5/20/19 4:26 PM, John Kristoff wrote:
> On Mon, 20 May 2019 23:09:02 +0000
> Seth Mattinen <sethm@rollernet.us> wrote:
>
>> A good start would be killing any /24 announcement where a covering
>> aggregate exists.
> I wouldn't do this as a general rule. If an attacker knows networks are
> 1) not pointing default, 2) dropping /24's, 3) not validating the
> aggregates, and 4) no actual legitimate aggregate exists, (all
> reasonable assumptions so far for many /24's), then they have a pretty
> good opportunity to capture that traffic.

I'm talking about the case where someone has like a /20 and announces the /20 plus every /24 it contains. I regard those as garbage announcements.
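
The distinction drawn in this exchange, as an added example that is not part of the original post: a classifier that separates a /24 announced alongside its full same-origin aggregate from a /24 that has no covering aggregate, or only one from another origin. The routes, ASNs, label names and the same-origin test are assumptions made for illustration, and the code handles IPv4 only.

```python
import ipaddress
from collections import defaultdict

# Constructed sample table of (prefix, origin ASN); private-use values,
# not real routing data.
SAMPLE_ROUTES = [
    ("10.0.0.0/20", 64500),
    *[(f"10.0.{i}.0/24", 64500) for i in range(16)],  # /20 plus every /24
    ("10.1.0.0/20", 64501),
    ("10.1.3.0/24", 64501),  # one more-specific, same origin
    ("10.2.0.0/20", 64502),
    ("10.2.5.0/24", 64503),  # covered, but by a different origin
    ("10.3.7.0/24", 64504),  # no covering aggregate in the table
]

def classify_slash24s(routes):
    """Label every /24 in routes; label names are hypothetical."""
    nets = [(ipaddress.ip_network(p), asn) for p, asn in routes]
    by_origin = defaultdict(set)
    for net, asn in nets:
        by_origin[asn].add(net)

    labels = {}
    for net, asn in nets:
        if net.prefixlen != 24:
            continue
        covers = [(agg, a) for agg, a in nets
                  if agg.prefixlen < 24 and net.subnet_of(agg)]
        same_origin = [agg for agg, a in covers if a == asn]
        if not covers:
            # Dropping this /24 leaves no route to it at all.
            label = "no-aggregate"
        elif not same_origin:
            # Aggregate exists but is not validated as the same holder.
            label = "covered-other-origin"
        elif any(all(s in by_origin[asn] for s in agg.subnets(new_prefix=24))
                 for agg in same_origin):
            # The aggregate and all of its /24s come from one origin.
            label = "full-deaggregation"
        else:
            label = "partial-more-specific"
        labels[str(net)] = label
    return labels
```

Only the `full-deaggregation` label corresponds to the /20-plus-every-/24 case; the `no-aggregate` and `covered-other-origin` labels mark the /24s for which the quoted reply's conditions hold.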