On Sun, Oct 22, 2023 at 8:47 AM Job Snijders <job@fastly.com> wrote:
The attacker won’t be drawing traffic towards itself destined for addresses in the /22, because of LPM
Hi Job, The idea is that you have some infrastructure on IP addresses that you don't route on the Internet. Maybe it's the /24 you use to number your routers. Maybe it's a private network. Whatever it is, you intend for that address block to be absent from Internet routing and produce a ROA for AS0 which should, theoretically, force it to be absent from the Internet. Then someone comes along and advertises a portion of the RIR space larger than any allocation. Since your subnet is intentionally absent from the Internet, that larger route draws the packets allowing a hijack of your address space. In essence, this means that a ROA to AS0 doesn't work as intended. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/