On 24/01/2016 23:01, Nathan Ward wrote:
> This sort of works, except there’s a strong chance that the attacker only gets
> advertised poisoned paths, and you’d drop all traffic.

Do you mean attacker's ASN is non-existent? Or attacker's src IP is from RFC 1918/6598 space? Or attacker's src IPs are spoofed?
Please define "poisoned paths".

> Rather than making that a chance, why not make it deterministic - stick the
> attacker's ASN in all advertisements and drop them entirely.

I mentioned that there could be legit traffic coming from attacker's ASN. That's why I am giving it a chance.
Thx
Alex
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
