
Re: [GROW] Last Call: <draft-ietf-grow-blackholing-00.txt> (BLACKHOLE BGP Community for Blackholing) to Proposed Standard

2016-07-03 13:50:04
Sat, Jul 02, 2016 at 07:44:02PM +0900, Randy Bush:
and you are kinda protected by the community not being well-known,
i.e. different for each upstream. the attacker has to know the
community for each upstream and be able to not only inject the prefix
but also tag it with the correct community for each upstream.

Your argument comes down to "security through obscurity"

no.  non-transitiveness through local naming, the reason this has not
allowed serious damage in current practice.

randy

a receiving operator could limit scope, if they chose.  something like

route-map foo p 10
 match community blackhole
 match as-path ^([0-9]+_){1,2}$
 set ip next-hop null0
route-map foo d 20
 match community blackhole
route-map foo ...

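The route-map sketch above, emulated in Python as an added example that is not part of the thread: it applies the same two clauses (blackhole-tagged routes from at most two AS hops get a null next-hop, any other blackhole-tagged route is denied) to constructed sample routes. It assumes the BLACKHOLE community value 65535:666 (the value the draft, later RFC 7999, assigns; the message itself only says "blackhole"), and assumes the elided remaining clauses permit untagged routes.

```python
import re

# BLACKHOLE well-known community (65535:666 per the GROW draft / RFC 7999).
# Assumption: the message only refers to it by the name "blackhole".
BLACKHOLE = "65535:666"

# The as-path regex from the sketch. In IOS, "_" matches a space or the
# start/end of the path string, so this matches paths of one or two ASes:
# a direct customer, or one AS behind a direct customer.
LOCAL_SCOPE = re.compile(r"^([0-9]+_){1,2}$")


def ios_as_path(as_path):
    """Render an AS_PATH the way the regex sees it: every ASN followed by a '_' boundary.

    This emulation is an assumption about IOS matching, chosen so that the
    regex behaves as it would on "64500 64501" with '_' matching end-of-string.
    """
    return "".join(f"{asn}_" for asn in as_path)


def route_map_foo(route):
    """Evaluate the sketched route-map against one route.

    route = {"as_path": [int, ...], "communities": ["asn:value", ...]}
    Returns "blackhole", "deny" or "accept".
    """
    tagged = BLACKHOLE in route["communities"]
    # seq 10 permit: blackhole-tagged AND within local scope -> next-hop null0
    if tagged and LOCAL_SCOPE.match(ios_as_path(route["as_path"])):
        return "blackhole"
    # seq 20 deny: any other blackhole-tagged route is dropped from the RIB
    if tagged:
        return "deny"
    # "route-map foo ..." is elided in the message; assumption: later clauses
    # permit ordinary, untagged routes.
    return "accept"


if __name__ == "__main__":
    # Constructed sample routes using documentation ASNs (64496-64511).
    samples = [
        {"as_path": [64500], "communities": [BLACKHOLE]},                # direct customer
        {"as_path": [64500, 64501], "communities": [BLACKHOLE]},         # customer's customer
        {"as_path": [64500, 64501, 64502], "communities": [BLACKHOLE]},  # too far away
        {"as_path": [64500, 64501, 64502], "communities": []},           # normal route
        {"as_path": [64500, 64500, 64500], "communities": [BLACKHOLE]},  # prepended x3
    ]
    for r in samples:
        print(r["as_path"], r["communities"], "->", route_map_foo(r))
```

Note the last sample: the regex counts AS_PATH entries, not distinct ASes, so a direct customer that prepends its own ASN three times no longer fits the scope and its blackhole request is denied rather than honoured.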