Home page logo
/

nanog logo nanog mailing list archives

Re: do not filter your customers
From: Shane Amante <shane () castlepoint net>
Date: Fri, 24 Feb 2012 23:28:15 -0700


On Feb 24, 2012, at 5:49 PM, Randy Bush wrote:
Solving for route leaks is /the/ "killer app" for BGPSEC.

as would be solving world hunger, war, bad cooking, especially bad
cooking.

route leaks, as much as i understand them
 o are indeed bad ops issues
 o are not security per se
 o are a violation of business relationshiops
 o and 20 years of fighting them have not given us any significant
   increase in understanding, formal definition, or prevention.

i would love to see progress on the route leak problem.  i do not
confuddle it with security.


So, it is not OK for traffic to be /intentionally/ diverted through a malevolent AS, but it is OK for traffic to be 
/unintentionally/ diverted through a (possibly) malevolent AS?  Who's to judge the security exposure[1] of the latter 
is not identical (or, worse) than the former?

-shane

[1] dropped traffic, traffic analysis, etc. 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]