--- Michael.Dillon@radianz.com wrote:
Assuming that they are not sourcing the attacks in Banetele's AS, then you, the peer of Banetele are delivering the packet stream that kills the BGP session. How long before peering agreements require ACLs in border routers so that only BGP peering routers can source traffic destined to your BGP speaking routers?
Even better is to seperate the control plane from the forwarding plane, and ensure that the control plane of a given router cannot be spoken to by anyone who is not either internal or a direct BGP peer. Why permit garbage to touch your network? -David Barak -Fully RFC 1925 Compliant- ===== David Barak -fully RFC 1925 compliant- __________________________________ Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam http://mail.yahoo.com