nanog mailing list archives
Re: Secure BGP (Was: YouTube IP Hijacking)
From: Jeroen Massar <jeroen () unfix org>
Date: Mon, 25 Feb 2008 12:04:18 +0100
michael.dillon () bt com wrote: [..]
Pushing this task off to a server that does not have packet-forwarding duties also allows for flexible interfaces to network management systems including the possibility of asking for human confirmation before announcing a new route.
There is no (direct) requirement for most of these solutions to do it in the router that forwards actual packets, just add a special BGP box for this. This box then 'verifies' if the update looks OK. When the update looks fishy, it can either, depending on what you want either notify your favourite $nocmonkey to look at it and/or at least instruct the real routers to not use that path.
You can take (S-)BGP(-S) for verification, but you can also use IRR data or whatever source you have for stating 'this prefix from there over this path is trusted', compare against that and voila, you got a report when the assumed vectors don't match and you can at least react to them.
These kind of systems already exist, see previous emails, but clearly not too many actually make use of them, now that is too bad for your customers who couldn't see their lolcats or worse who couldn't reach their stock house for quickly selling their shares before that company went down the drain completely...
Greets, Jeroen
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- RE: YouTube IP Hijacking, (continued)
- RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 24)
- RE: YouTube IP Hijacking michael.dillon (Feb 25)
- Re: YouTube IP Hijacking Jim Mercer (Feb 25)
- RE: YouTube IP Hijacking michael.dillon (Feb 25)
- Re: YouTube IP Hijacking JC Dill (Feb 26)
- Re: YouTube IP Hijacking Steven M. Bellovin (Feb 24)
- Re: YouTube IP Hijacking Patrick W. Gilmore (Feb 24)
- Re: YouTube IP Hijacking Sean Donelan (Feb 24)
- Re: YouTube IP Hijacking Steven M. Bellovin (Feb 25)
- Secure BGP (Was: YouTube IP Hijacking) michael.dillon (Feb 25)
- Re: Secure BGP (Was: YouTube IP Hijacking) Jeroen Massar (Feb 25)
- Re: Secure BGP (Was: YouTube IP Hijacking) Sandy Murphy (Feb 25)
- Re: YouTube IP Hijacking Scott Francis (Feb 25)
- Re: YouTube IP Hijacking Hank Nussbacher (Feb 25)
- Re: YouTube IP Hijacking Patrick W. Gilmore (Feb 25)
- RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 25)
- Re: YouTube IP Hijacking Josh Karlin (Feb 25)
- [admin] [summary] RE: YouTube IP Hijacking Alex Pilosov (Feb 25)
- Re: [admin] [summary] RE: YouTube IP Hijacking Danny McPherson (Feb 25)
- Re: [admin] [summary] RE: YouTube IP Hijacking Alex Pilosov (Feb 25)
- Re: [admin] [summary] RE: YouTube IP Hijacking Danny McPherson (Feb 25)