[bcop] Indosat (AS4761) BGP Hijack

Benno Overeinder benno at NLnetLabs.nl
Mon Apr 7 15:12:56 CEST 2014


Hi Blake (with cc to BCOP list),

On 04/03/2014 03:49 PM, Blake WILLIS wrote:
> On 3 Apr 2014, at 1:45 PM, IP TAC wrote:
> 
>> Dear Partner,
>>  
>> The problem caused by misconfig by our third-party support.
>> We already have plan to prevent the problem exist in the future if any misconfig happen again.
>> We apologize for the inconvenience.
> 
> Greetings,
> 
> May I take this opportunity to suggest that you (& anyone else listening that doesn't already have two levels of prevention on their BGP customers)
> implement a BGP max-prefix setting on your customer peer-groups to prevent this sort of incident in the future (in addition to using per-customer prefix filters)?

This might (indeed) be an excellent document for a BCOP.  If you are in
the opportunity to attend the RIPE meeting, you might consider to start
working on a BCOP document for (basic) filtering.

This can be part of another, more broad defined document on BGP
configuration, or more specific on customer peer-group filtering.

Please let us know what you think.

Best,

-- Benno


-- 
Benno J. Overeinder
NLnet Labs
http://www.nlnetlabs.nl/




More information about the BCOP mailing list