Re: BGP to doom us all
From: batz <batsy () vapour net>
Date: Fri, 28 Feb 2003 18:01:28 -0500 (EST)
On Fri, 28 Feb 2003, Bruce Pinsky wrote:
:What a crock of crap. Knowing who someone is doesn't stop them from causing
:intentional or unintentional problems. In fact, authentication is more likely
:to cause people to become complacent wrt their filtering policies. Hey I've
:authenticated that router so it's going to only send me correct routes.

The authentication I suspect he is referring to is certification
of the routes themselves, not just mere peer authentication.

However, given the recent academic popularity of attacks against routers,
such as the Phenoelit OSPF exploit, BindView's TCP ISN strange attractors,
Tim Newsham's ISN paper, some large vendors' use of widely available
hardware and/or operating systems, and others, it's worth being extra
mindful of router security.

Dashing off press releases about internet vulnerabilities is a bit like
that cold fusion in a coffee cup incident. It harmed the credibility of
all researchers and may have set back a lot of other legitimate efforts.

The technical solutions are pretty easy, almost everyone on the list
understands them. Us Cassandras in the security business just have to
find a better way of making people more mindful of security in their
day to day operations. Appeasing the media's thirst for broad and
fearsome pronouncements doesn't help things. Unfortunately, this
sort of mindfulness isn't so much taught as it must be learned, and
so we are back to the operator clue issue.