nanog mailing list archives
Re: BGP Security Research Question
From: sthaug () nethelp no
Date: Tue, 04 Nov 2014 15:03:00 +0100 (CET)
Let me disagree - Pakistan Youtube was possible only because their uplink provider did NOT implement inbound route filters . As always the weakest link is human factor - and no super-duper newest technology is ever to help here .
Agreed, the uplink absolutely should have implemented prefix filtering. However, if the Youtube prefixes had been protected with RPKI, ISPs far away could have verified the announcements themselves - and would have found that the Pakistan Telecom originated prefixes were invalid (and would presumably have found the original Youtube prefixes to be valid). As least that's how I understand RPKI. I want *both* prefix filtering and a system like RPKI. Steinar Haug, Nethelp consulting, sthaug () nethelp no
Current thread:
- Re: BGP Security Research Question, (continued)
- Re: BGP Security Research Question Roland Dobbins (Nov 04)
- Re: BGP Security Research Question Valdis . Kletnieks (Nov 04)
- Re: BGP Security Research Question Roland Dobbins (Nov 04)
- Re: BGP Security Research Question Valdis . Kletnieks (Nov 04)
- Re: BGP Security Research Question Yuri Slobodyanyuk (Nov 04)
- Re: BGP Security Research Question sthaug (Nov 04)
- Re: BGP Security Research Question Nick Hilliard (Nov 04)
- Re: BGP Security Research Question Sandra Murphy (Nov 04)
- RE: BGP Security Research Question Russ White (Nov 04)
- Re: BGP Security Research Question sthaug (Nov 04)
- Re: BGP Security Research Question Yuri Slobodyanyuk (Nov 04)
- Re: BGP Security Research Question Sandra Murphy (Nov 04)
- Re: BGP Security Research Question sthaug (Nov 04)
- Re: BGP Security Research Question Roland Dobbins (Nov 04)