nanog mailing list archives

Re: BGP to doom us all

From: Rob Thomas <robt () cymru com>
Date: Fri, 28 Feb 2003 21:33:12 -0600 (CST)


Hi, Alex.

] RCS of your router config is your friend.

Yep, agreed.  Sanity checking router configurations is a very wise move.
Just so everyone knows, the miscreants generally disable all logging
capability and enact ACLs to block all ICMP, UDP, and selectively permit
telnet from their hacked hosts.  These are some of the warning signs.

] Who cares? If the other routers are configured correctly, they wont take
] tainted advertisements. If they are not configured correctly, any Super
] Secure BGP wont help.

Yep, thus my constant raving about prefix filtering.  :)

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);

Current thread:

BGP to doom us all Jim Deleskie (Feb 28)
- Re: BGP to doom us all Bruce Pinsky (Feb 28)
  - Re: BGP to doom us all batz (Feb 28)
    - Re: BGP to doom us all Rob Thomas (Feb 28)
    - Re: BGP to doom us all alex (Feb 28)
    - Re: BGP to doom us all Rob Thomas (Feb 28)
  - Re: BGP to doom us all Randy Bush (Feb 28)
  - Re: BGP to doom us all Steven M. Bellovin (Feb 28)
    - Re: BGP to doom us all batz (Feb 28)
    - RE: BGP to doom us all Barry Raveendran Greene (Feb 28)
    - Re: BGP to doom us all Steven M. Bellovin (Feb 28)
- Re: BGP to doom us all Sean Donelan (Feb 28)
  - Re: BGP to doom us all Bruce Robertson (Feb 28)
- Re: BGP to doom us all Randy Bush (Feb 28)
  - Re: BGP to doom us all batz (Feb 28)
    - Re: BGP to doom us all Randy Bush (Feb 28)

(Thread continues...)