nanog mailing list archives
Re: BGP Security Research Question
From: Yuri Slobodyanyuk <yuri () yurisk info>
Date: Tue, 4 Nov 2014 15:45:40 +0200
Let me disagree - Pakistan Youtube was possible only because their uplink provider did NOT implement inbound route filters . As always the weakest link is human factor - and no super-duper newest technology is ever to help here . As regards to S-bgp/soBGP from technical point of view , wait for the day when the vulnerability gets published (SSL-heartbleed style) that invalidates all this PKI stuff ... Yuri On Tue, Nov 4, 2014 at 2:38 PM, <sthaug () nethelp no> wrote:
In real life people use - bgp ttl security, md5 passwords, control plane protection of 179 port, inbound/outbound routes filters. So far this has been enough.These mechanisms do little or nothing to protect against unauthorized origination of routing information. There are plenty of examples which say it has *not* been enough, see for instance the Pakistan Telecom - Youtube incident in 2008. Steinar Haug, Nethelp consulting, sthaug () nethelp no
-- Taking challenges one by one. http://yurisk.info
Current thread:
- BGP Security Research Question Anthony Weems (Nov 04)
- Re: BGP Security Research Question Roland Dobbins (Nov 04)
- Re: BGP Security Research Question Valdis . Kletnieks (Nov 04)
- Re: BGP Security Research Question Roland Dobbins (Nov 04)
- Re: BGP Security Research Question Valdis . Kletnieks (Nov 04)
- Re: BGP Security Research Question Yuri Slobodyanyuk (Nov 04)
- Re: BGP Security Research Question sthaug (Nov 04)
- Re: BGP Security Research Question Nick Hilliard (Nov 04)
- Re: BGP Security Research Question Sandra Murphy (Nov 04)
- RE: BGP Security Research Question Russ White (Nov 04)
- Re: BGP Security Research Question sthaug (Nov 04)
- Re: BGP Security Research Question Yuri Slobodyanyuk (Nov 04)
- Re: BGP Security Research Question Sandra Murphy (Nov 04)
- Re: BGP Security Research Question sthaug (Nov 04)
- Re: BGP Security Research Question Roland Dobbins (Nov 04)