nanog mailing list archives

Re: BGP Optimizers (Was: Validating possible BGP MITM attack)


From: Colin Petrie <colin () spakka net>
Date: Fri, 1 Sep 2017 12:52:01 +0200

On 31/08/17 22:06, Job Snijders wrote:
> I strongly recommend to turn off those BGP optimizers, glue the ports
> shut, burn the hardware, and salt the grounds on which the BGP optimizer
> sales people walked.

Yes.

p.s. providing a publicly available BGP looking glass will contribute
to proving your innocence in cases like these. Since in many cases the
AS_PATH is a complete fabrication, we need to manually check every AS in
the AS_PATH to see whether the AS carries the fake more-specific. A
public looking glass speeds up this fault-finding process. If you don't
want to host a web interface yourself, please consider sending a BGP feed
to the Route Views Project or RIPE RIS, or for something queryable in a
real-time fashion the NLNOG RING Looking Glass http://lg.ring.nlnog.net/

As a RIPE RIS operator, we regularly get people complaining 'oh but we
are not advertising that prefix, your system must be broken'.

Usually it is one of these BGP-optimizer more-specifics leaking out.

Cheers,
Colin
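
Added example, not part of the original message: a sketch of the fault-finding step discussed above, flagging routes seen at a collector that are more-specifics of a prefix the operator announces but does not announce itself, and listing every AS in those AS_PATHs to check at a looking glass. The prefixes, ASNs and the `(prefix, AS_PATH)` input shape are constructed assumptions, not the Route Views or RIPE RIS data format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation prefixes, private-use ASNs).
ANNOUNCED = ["198.51.100.0/24", "2001:db8::/32"]  # what the operator originates
OBSERVED = [  # (prefix, AS_PATH) as a collector peer might report them
    ("198.51.100.0/24", [64500, 64510, 64496]),
    ("198.51.100.0/25", [64500, 64511, 64496]),
    ("198.51.100.128/25", [64501, 64511, 64496]),
    ("203.0.113.0/24", [64500, 64512]),
    ("2001:db8:1::/48", [64502, 64496]),
]

def find_unexpected_more_specifics(announced, observed):
    """Return observed routes strictly inside an announced prefix
    that the operator does not announce itself."""
    nets = [ipaddress.ip_network(p) for p in announced]
    hits = []
    for prefix, as_path in observed:
        net = ipaddress.ip_network(prefix)
        if net in nets:
            continue  # intentionally announced, exact match
        for cover in nets:
            # Compare versions first: subnet_of() raises on mixed v4/v6.
            if net.version == cover.version and net.subnet_of(cover):
                hits.append({"prefix": prefix, "covering": str(cover),
                             "as_path": list(as_path)})
                break
    return hits

def ases_to_check(hits):
    """The AS_PATH on such a route may be fabricated, so every AS on it
    has to be checked: map each AS to the suspect prefixes it appears on."""
    by_as = defaultdict(set)
    for hit in hits:
        for asn in hit["as_path"]:
            by_as[asn].add(hit["prefix"])
    return {asn: sorted(prefixes) for asn, prefixes in by_as.items()}

if __name__ == "__main__":
    suspects = find_unexpected_more_specifics(ANNOUNCED, OBSERVED)
    for hit in suspects:
        print(hit["prefix"], "inside", hit["covering"], "path", hit["as_path"])
    for asn, prefixes in sorted(ases_to_check(suspects).items()):
        print("check AS%d for: %s" % (asn, ", ".join(prefixes)))
```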

