nanog mailing list archives
Re: BGP in the Washngton Post
From: Mark Andrews <marka () isc org>
Date: Wed, 03 Jun 2015 10:05:12 +1000
In message <556C8EBC.7080109 () netassist ua>, Max Tulyev writes:
Is there *IN THEIORY* any possibility to make BGP secure enough now? Yes, RPKI protects from fat fingered people, but NOT protects from people doing hijacks knowlingly.
At the moment because not enough of the net is covered. When you get enough coverage then yes it will protect you because there is no way to get a valid CERT to authenticate the hijack. Even before that RPKI will limit the impact of the hijack by isolating the attack to the networks close to the injection points. Think of this as herd immunity.
The global routing registry really can be the solution, but it automatically gives one authority a power to cut off any network. Imagine how fast it will be used for censorship.
On 01.06.15 16:24, William Herrin wrote:Interesting story about BGP and security in the Washington Post today: http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/ -Bill
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- RE: Routing Insecurity (Re: BGP in the Washington Post), (continued)
- RE: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 11)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Christopher Morrow (Jun 11)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Sandra Murphy (Jun 10)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 11)
- Re: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 04)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Mark Andrews (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Danny McPherson (Jun 03)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 01)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Mark Tinka (Jun 01)
- Re: BGP in the Washngton Post Mark Andrews (Jun 02)
- Re: BGP in the Washngton Post Randy Bush (Jun 02)
- Re: BGP in the Washngton Post Saku Ytti (Jun 03)