nanog mailing list archives
Re: BGP Security Research Question
From: Sandra Murphy <sandy () tislabs com>
Date: Tue, 4 Nov 2014 08:54:58 -0500
On Nov 4, 2014, at 8:45 AM, Yuri Slobodyanyuk <yuri () yurisk info> wrote:
Let me disagree - Pakistan Youtube was possible only because their uplink provider did NOT implement inbound route filters . As always the weakest link is human factor - and no super-duper newest technology is ever to help here .
One problem with route filters is that the protection relies on the place closest to the problem to detect the leak. Further on in the network, not as effective.
As regards to S-bgp/soBGP from technical point of view , wait for the day when the vulnerability gets published (SSL-heartbleed style) that invalidates all this PKI stuff …
Or the IRRs on which the route filters are built. (No need for publication of a vulnerability. See recent msgs about already known problems with IRRs.) --Sandy
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- BGP Security Research Question Anthony Weems (Nov 04)
- Re: BGP Security Research Question Roland Dobbins (Nov 04)
- Re: BGP Security Research Question Valdis . Kletnieks (Nov 04)
- Re: BGP Security Research Question Roland Dobbins (Nov 04)
- Re: BGP Security Research Question Valdis . Kletnieks (Nov 04)
- Re: BGP Security Research Question Yuri Slobodyanyuk (Nov 04)
- Re: BGP Security Research Question sthaug (Nov 04)
- Re: BGP Security Research Question Nick Hilliard (Nov 04)
- Re: BGP Security Research Question Sandra Murphy (Nov 04)
- RE: BGP Security Research Question Russ White (Nov 04)
- Re: BGP Security Research Question sthaug (Nov 04)
- Re: BGP Security Research Question Yuri Slobodyanyuk (Nov 04)
- Re: BGP Security Research Question Sandra Murphy (Nov 04)
- Re: BGP Security Research Question sthaug (Nov 04)
- Re: BGP Security Research Question Roland Dobbins (Nov 04)