Re: Regarding smaller prefix for hijack protection

2012-09-04 Thread Richard Barnes
This seems like an opportune time to remind people about RPKI-based origin validation as a hijack mitigation: I haven't run the numbers, but

Re: Regarding smaller prefix for hijack protection

2012-09-03 Thread Aftab Siddiqui
The thing to acknowledge is that you've realized it; otherwise, if you follow the CIDR report, then you will find a bunch of arrogant folks/SPs not willing to understand the dilemma they are causing through de-aggregation. Regards, Aftab A. Siddiqui On Tue, Sep 4, 2012 at 10:19 AM, Anurag Bhatia wr

Re: Regarding smaller prefix for hijack protection

2012-09-03 Thread Anurag Bhatia
I didn't realize the routing table size problem with /24's. Stupid me. Thanks everyone for updates. Appreciate good answers. On Fri, Aug 31, 2012 at 4:18 AM, George Herbert wrote: > On Thu, Aug 30, 2012 at 8:41 AM, William Herrin wrote: > > On Thu, Aug 30, 2012 at 7:54 AM, Anurag Bhatia > w

Re: Regarding smaller prefix for hijack protection

2012-08-30 Thread George Herbert
On Thu, Aug 30, 2012 at 8:41 AM, William Herrin wrote: > On Thu, Aug 30, 2012 at 7:54 AM, Anurag Bhatia wrote: >> Is using /24 a must to protect (a bit) against route hijacking? > > Hi Anurag, > > Not only is it _not_ a must, it doesn't work and it impairs your > ability to detect the fault. > >

Re: Regarding smaller prefix for hijack protection

2012-08-30 Thread Andy Davidson
On 30/08/12 12:54, Anurag Bhatia wrote: > Is using /24 a must to protect (a bit) against route hijacking? Announcing your, say, /19 as 32 /24s does not prevent someone from trying to hijack you; you will still get some disruption if someone tries, but you might limit the scope of their success or

Re: Regarding smaller prefix for hijack protection

2012-08-30 Thread William Herrin
On Thu, Aug 30, 2012 at 7:54 AM, Anurag Bhatia wrote: > Is using /24 a must to protect (a bit) against route hijacking? Hi Anurag, Not only is it _not_ a must, it doesn't work and it impairs your ability to detect the fault. In a route hijacking scenario, traffic for a particular prefix will fl

Re: Regarding smaller prefix for hijack protection

2012-08-30 Thread Arturo Servin
Or better. Sign your prefixes and create ROAs to monitor any suspicious activity. There is an app for that: http://bgpmon.net Besides the normal service, you can also use RPKI data to trigger alarms of possible hijacks: http://www.labs.lacnic.net/rpkitools/looking_glass

Re: Regarding smaller prefix for hijack protection

2012-08-30 Thread Jon Lewis
On Thu, 30 Aug 2012, Anurag Bhatia wrote: I tried looking on net but couldn't find a direct answer, so thought to ask here for some advice. Is using /24 a must to protect (a bit) against route hijacking? We all remember the case of YouTube 2008 and hijacking in Pakistan. At that time YouTube was usi

Re: Regarding smaller prefix for hijack protection

2012-08-30 Thread Suresh Ramasubramanian
You might find your /24 routes filtered out at a lot of places that do have sensible route filtering. But then yes, it'd protect you against the idiots who don't know bgp from a hole in the ground anyway and let whatever hijacking happen. But I'd suggest do whatever such announcement if and only if

Regarding smaller prefix for hijack protection

2012-08-30 Thread Anurag Bhatia
Hello everyone! I tried looking on net but couldn't find a direct answer, so thought to ask here for some advice. Is using /24 a must to protect (a bit) against route hijacking? We all remember the case of YouTube 2008 and hijacking in Pakistan. At that time YouTube was using /22 and thus /24 (more