Home page logo
/

nanog logo nanog mailing list archives

Re: BGP to doom us all
From: Rob Thomas <robt () cymru com>
Date: Fri, 28 Feb 2003 21:15:28 -0600 (CST)


Hi, NANOGers.

] However, given the recent academic popularity of attacks against routers,

Indeed!  Compromised routers (generally Cisco) are routinely traded in
the underground.  However, these routers are usually compromised by
taking advantage of weak passwords, e.g. "cisco" for access and enable.  :(

Some who trade for compromised routers (one cisco is worth approximately
three to five stolen credit cards) specifically ask for routers running
BGP, and may pay a premium for this extra.

Trade in compromised Juniper routers is rare, but it does occur.

As to what is done with these compromised routers, well, ask me at the
next NANOG.

There are many things folks can do with existing BGP configurations to
make things a bit better.  Prefix filtering, both on ingress and egress,
MD5 authentication, and ACLs for TCP 179 help.  Are they perfect?  No,
nothing is a panacea.  However, raising the bar even a little can yield
impressive results.

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]