Re: [GROW] Last Call: <draft-ietf-grow-blackholing-00.txt> (BLACKHOLE BGP Community for Blackholing) to Proposed Standard


 



>>> why the security warning relating to denial of service attacks was
>>> removed.
>> 
>> what could possibly go wrong with a well-known transitive attribute
>> which causes an un-authenticated prefix's traffic to be dropped on the
>> floor?
> 
> Today I have 5 or six of them... and my management system has a series of
> substitutions for the provider-appropriate one.  So, what can go wrong
> with a poorly understood and loosely coordinated transitive attributes
> which cause unauthenticated prefixes traffic to be dropped on the floor?

and you are kinda protected by the community not being well-known, i.e.
different for each upstream.  the attacker has to know the community for
each upstream and be able to not only inject the prefix but also tag it
with the correct community for each upstream.

it is the combination of well-known and transitive that is deadly.

randy
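
Added example, not part of the thread or of the draft: a Python model of an import policy that honors the BLACKHOLE community only on prefixes the announcing neighbor is authorized for, which is the authentication step the discussion above says is missing. The neighbor names, the AUTHORIZED table and the host-route-only rule are assumptions made for illustration.

```python
import ipaddress

BLACKHOLE = (65535, 666)  # well-known BLACKHOLE community value (RFC 7999)

# Constructed sample data (assumption): prefixes each neighbor is authorized
# to announce, e.g. built from customer records or IRR/RPKI data.
AUTHORIZED = {
    "AS64500": [ipaddress.ip_network("192.0.2.0/24")],
    "AS64501": [ipaddress.ip_network("198.51.100.0/24")],
}

def import_decision(neighbor, prefix, communities):
    """Return (action, communities_kept, re_export) for one received route."""
    net = ipaddress.ip_network(prefix)
    covered = any(net.version == a.version and net.subnet_of(a)
                  for a in AUTHORIZED.get(neighbor, []))
    if not covered:
        # Prefix is outside what this neighbor may announce: reject it,
        # whether or not it carries the blackhole tag.
        return ("reject", [], False)
    if BLACKHOLE not in communities:
        return ("accept", list(communities), True)
    if net.prefixlen == net.max_prefixlen:
        # Authorized host route: drop its traffic locally and do not
        # propagate the route any further.
        return ("blackhole", list(communities), False)
    # Authorized but broader than a host route (local policy assumption):
    # strip the tag and treat it as an ordinary route.
    kept = [c for c in communities if c != BLACKHOLE]
    return ("accept", kept, True)
```
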



