[j-nsp] Bandwidth aware using BGP on ISP transit
Alexander Arseniev
arseniev at btinternet.com
Mon Jan 25 01:48:49 EST 2016
On 24/01/2016 23:01, Nathan Ward wrote:
> This sort of works, except there’s a strong chance that the attacker only gets advertised poisoned paths, and you’d drop all traffic.
Do You mean attacker's ASN is non-existent? Or attacker's src IP is from
RFC 1918/6598 space? Or attacker's src.IP are spoofed?
Please define "poisoned paths".
> Rather than making that a chance, why not make it deterministic - stick the attackers ASN in all advertisements and drop them entirely.
I mentioned that there could be legit traffic coming from attacker's
ASN. That's why I am giving it a chance.
Thx
Alex
More information about the juniper-nsp
mailing list