RE: What Worked - What Didn't

["Daniel Golding" <dgolding () sockeye com>]

Gee, the only major ISP that uses MD5 for peering links is Verio. That what
you were looking for, Randy? :)

Seriously, BGP session hijacking is the least of our worries. If you want to
hit internet infrastructure, the points of weakness are obvious and
physical. Car bombs at a dozen sites that we all know so well would be
enough to seriously degrade internet communications, particularly if they
were detonated near the fiber entrance facilities.

This underscores the previous concerns mentioned by some about the common
colocation of private peering by major internet carriers. Looks a little
riskier now, yes?

- Daniel Golding

-----Original Message-----
From: Randy Bush [mailto:randy () psg com]
Sent: Monday, September 17, 2001 2:19 PM
To: Daniel Golding
Cc: nanog () merit edu
Subject: RE: What Worked - What Didn't


> The big winners were cable TV, email, packet networks and IM applications.
> The big losers with cell phones, circuit switching, PSTN, non-akamized
> news sites.

no one went after the comms infrastructure.  when they do, i suspect that
we will find the internet is extremely vulnerable.  how many folk even
have md5 auth turned on their bgp peering sessions?  what nievete!

randy