nanog mailing list archives
Re: IPv4 Hijacking For Idiots
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 6 Jun 2017 12:09:08 -0400
On Tue, Jun 6, 2017 at 2:25 AM, Hank Nussbacher <hank () efes iucc ac il> wrote: (I think this is really Ron and Bill chatting, but some of the linkage got lost on the tubes)
I've read article after article after article bemoanging the fact that"BGP isn't secure",They're talking about a different problem: ISPs are supposed to configure end-user BGP sessions per BCP38 which limits which BGP announcements the customer can make. Some ISPs are sloppy and incompetent and don't dothis.Unfortunately, once you're a level or two upstream the backbone ISP actually can't do much to limit the BGP announcements because it's often impractical to determine whether a block of IP addresses can legitimately be announced from a given peer.
just a clarifying note: I don't think bcp38 talks about BGP at all, actually... I think bill is actually saying: "ISPs are supposed to configure bcp38 to filter TRAFFIC from their customers/peers and BGP filters to limit the scope of the customer routes sent/received" I don't think the filtering of customer prefixes/announcements is actually covered in a BCP though.
Current thread:
- Re: IPv4 Hijacking For Idiots, (continued)
- Re: IPv4 Hijacking For Idiots Mel Beckman (Jun 05)
- Re: IPv4 Hijacking For Idiots Christopher Morrow (Jun 05)
- Re: IPv4 Hijacking For Idiots Mel Beckman (Jun 05)
- Re: IPv4 Hijacking For Idiots Christopher Morrow (Jun 05)
- Re: IPv4 Hijacking For Idiots Ronald F. Guilmette (Jun 05)
- Re: IPv4 Hijacking For Idiots valdis . kletnieks (Jun 05)
- Re: IPv4 Hijacking For Idiots Christopher Morrow (Jun 05)
- Re: IPv4 Hijacking For Idiots Mel Beckman (Jun 05)
- Re: IPv4 Hijacking For Idiots Ronald F. Guilmette (Jun 05)
- Re: IPv4 Hijacking For Idiots Ronald F. Guilmette (Jun 05)
- Re: IPv4 Hijacking For Idiots Hank Nussbacher (Jun 05)
- Re: IPv4 Hijacking For Idiots Christopher Morrow (Jun 06)
- Re: IPv4 Hijacking For Idiots Scott Christopher (Jun 06)
- Re: IPv4 Hijacking For Idiots Mark Andrews (Jun 06)
- Re: IPv4 Hijacking For Idiots Christopher Morrow (Jun 06)
- Re: IPv4 Hijacking For Idiots Mark Andrews (Jun 06)
- Re: IPv4 Hijacking For Idiots Christopher Morrow (Jun 06)
- Re: IPv4 Hijacking For Idiots Bryan Fields (Jun 06)
- Re: IPv4 Hijacking For Idiots Mark Andrews (Jun 06)