[107229] in North American Network Operators' Group
Re: Revealed: The Internet's well known BGP behavior
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Thu Aug 28 01:22:27 2008
From: "Patrick W. Gilmore" <patrick@ianai.net>
To: NANOG list <nanog@merit.edu>
In-Reply-To: <53A6C7E936ED8544B1A2BC990D254F942BF6159B03@MEMEXG1.HOST.local>
Date: Thu, 28 Aug 2008 01:22:21 -0400
Errors-To: nanog-bounces@nanog.org

On Aug 28, 2008, at 12:32 AM, John Lee wrote:

> Thanks guys, going back to my Comer one more time. My issue,
> question was whether the organization doing the hijacking controlled
> all of the routers in the new modified path or only some of them?

That is correct. However, once a packet hits the miscreant's device,
the traceroute is defeated.

Assuming their device is in the right place, you will not be able to
see the difference.

Assuming it is in the "wrong" place, you may be able to detect the
intrusion. But most people do not run traceroutes all day and watch
for it to change. If you run the traceroute after the attack starts,
well, how are you to know that br01-pos07-$FOO-$BAR is wrong and
br03-10GE02-$BLAH-$BAR is right?

--
TTFN,
patrick
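
Added example, not part of the original message: a baseline comparison of traceroute hops, which is the only way the question above (which router name is "right"?) can be answered. The hostnames, the RFC 5737 addresses and the function names are constructed for illustration, and the traceroute text is sample input, not a real capture.

```python
import re

# Constructed traceroute output; hostnames and addresses are made up.
BASELINE = """\
 1  gw.example.net (192.0.2.1)  0.4 ms
 2  br03-10ge02.example.net (198.51.100.9)  3.1 ms
 3  * * *
 4  edge1.example.org (203.0.113.7)  11.8 ms
"""
CURRENT = """\
 1  gw.example.net (192.0.2.1)  0.5 ms
 2  br01-pos07.example.net (198.51.100.77)  9.6 ms
 3  * * *
 4  edge1.example.org (203.0.113.7)  42.0 ms
"""

# Hop number, then either "name (ip)" or a "*" for a hop that did not answer.
HOP = re.compile(r"^\s*(\d+)\s+(?:(\S+)\s+\((\d+\.\d+\.\d+\.\d+)\)|\*)")

def parse_hops(text):
    """Return {ttl: ip or None} from traceroute-style output; None marks a '*' hop."""
    hops = {}
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hops[int(m.group(1))] = m.group(3)
    return hops

def path_changes(baseline, current):
    """List (ttl, old_ip, new_ip) where responding hops differ or the path length changed."""
    old, new = parse_hops(baseline), parse_hops(current)
    changes = []
    for ttl in sorted(set(old) | set(new)):
        a, b = old.get(ttl), new.get(ttl)
        # A silent hop ('*') on either side is not evidence of a change.
        if ttl in old and ttl in new and (a is None or b is None):
            continue
        if a != b:
            changes.append((ttl, a, b))
    return changes

if __name__ == "__main__":
    for ttl, a, b in path_changes(BASELINE, CURRENT):
        print(f"hop {ttl}: {a} -> {b}")
```

The comparison only reports hops that differ from a baseline recorded before the route changed; a path that looks identical to the baseline produces no output.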