Advisory - tunneling of IP at exchange points.

Hmm unfortuntely for us GRF owners it seems that filterd cannot deal
with filter this. Joy! I wonder how many months for a fix!?


Maybe I'm missing something, but couldn't you block this with routing
as well? The attack seems to be based on the fact that your NAP routers have
routes to other NAP LANs.

  Let's say you connect to just MAE-E and MAE-W. At MAE-E, add a route
for the MAE-W network to null0. Do the opposite at MAE-W. While this may
work for everyone, is should work for the majority. It may also be more
pleasant then adding filters to a high speed interface.

Jeff Swinton