[...]
> For the paranoid: if a bad-guy gets control of core routes for your ISP,
> you're toast. Actually, judicious use of default routes and packet filtering
> for "impossible" route paths limits the damage to denial of service.
> Do not believe routing updates unless the damage to the other guy is much
> worse than the damage to you if they are bogus. (Why ISPs take good care.)
> Worry about this only after all reusable passwords are gone from your hosts.
Whilst I understand the whole point of running a routing daemon is to take
advantage of changing network topology, for many networks, there is a single
route out onto the big bad Internet. I find that using static routes (added
at bootup) and then using gated to ONLY advertise routes seems to work quite
well. This saves me lots of worry as even if someone sends me a bogus
update, it is just ignored :-)
darren