20 May
2019
20 May
'19
7:26 p.m.
On Mon, 20 May 2019 23:09:02 +0000 Seth Mattinen <sethm@rollernet.us> wrote:
A good start would be killing any /24 announcement where a covering aggregate exists.
I wouldn't do this as a general rule. If an attacker knows networks are 1) not pointing default, 2) dropping /24's, 3) not validating the aggregates, and 4) no actual legitimate aggregate exists, (all reasonable assumptions so far for many /24's), then they have a pretty good opportunity to capture that traffic. John