nanog mailing list archives
Re: BGP to doom us all
From: Rob Thomas <robt () cymru com>
Date: Fri, 28 Feb 2003 21:15:28 -0600 (CST)
Hi, NANOGers. ] However, given the recent academic popularity of attacks against routers, Indeed! Compromised routers (generally Cisco) are routinely traded in the underground. However, these routers are usually compromised by taking advantage of weak passwords, e.g. "cisco" for access and enable. :( Some who trade for compromised routers (one cisco is worth approximately three to five stolen credit cards) specifically ask for routers running BGP, and may pay a premium for this extra. Trade in compromised Juniper routers is rare, but it does occur. As to what is done with these compromised routers, well, ask me at the next NANOG. There are many things folks can do with existing BGP configurations to make things a bit better. Prefix filtering, both on ingress and egress, MD5 authentication, and ACLs for TCP 179 help. Are they perfect? No, nothing is a panacea. However, raising the bar even a little can yield impressive results. Thanks, Rob. -- Rob Thomas http://www.cymru.com ASSERT(coffee != empty);
Current thread:
- BGP to doom us all Jim Deleskie (Feb 28)
- Re: BGP to doom us all Bruce Pinsky (Feb 28)
- Re: BGP to doom us all batz (Feb 28)
- Re: BGP to doom us all Rob Thomas (Feb 28)
- Re: BGP to doom us all alex (Feb 28)
- Re: BGP to doom us all Rob Thomas (Feb 28)
- Re: BGP to doom us all batz (Feb 28)
- Re: BGP to doom us all Bruce Pinsky (Feb 28)
- Re: BGP to doom us all Randy Bush (Feb 28)
- Re: BGP to doom us all Steven M. Bellovin (Feb 28)
- Re: BGP to doom us all batz (Feb 28)
- RE: BGP to doom us all Barry Raveendran Greene (Feb 28)
- Re: BGP to doom us all Steven M. Bellovin (Feb 28)
- Re: BGP to doom us all Bruce Robertson (Feb 28)