21 Feb
2011
21 Feb
'11
12:47 a.m.
In the most cases of real hijacks I know, the origin was the real ASN of the prefix. It is easy, like this (cisco style):
router bgp $EVIL_AS network $TARGET_SITE_IP/24 route-map INSERT_ASN ... route-map INSERT_ASN permit 1 set as-path prepend $TARGET_SITE_ASN
for *real* attacks, yes. but 99% of mis-announcements are fat fingers, and do not have the correct asn in the origin.
If you need to fight with the hijacks, you SURE need to check and filter the WHOLE chain of route.
agree completely. see new sidr wg charter randy