[107231] in North American Network Operators' Group


Re: Revealed: The Internet's well known BGP behavior

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Thu Aug 28 01:46:59 2008

From: "Patrick W. Gilmore" <patrick@ianai.net>
To: NANOG list <nanog@merit.edu>
In-Reply-To: <7ff145960808272240x8e3130dkdb6140cdde40c663@mail.gmail.com>
Date: Thu, 28 Aug 2008 01:46:53 -0400
Errors-To: nanog-bounces@nanog.org

On Aug 28, 2008, at 1:40 AM, Jim Popovitch wrote:
> On Thu, Aug 28, 2008 at 1:22 AM, Patrick W. Gilmore <patrick@ianai.net> wrote:
>> Assuming it is in the "wrong" place, you may be able to detect the
>> intrusion.  But most people do not run traceroutes all day and watch for it
>> to change.  If you run the traceroute after the attack starts, well, how are
>> you to know that br01-pos07-$FOO-$BAR is wrong and br03-10GE02-$BLAH-$BAR is
>> right?
>
> Uhhh... network monitoring with traceroute and topology tools.   There
> are several off-the-shelf varieties to choose from, and I know of
> several providers that use them.

I stand by my assertion that most people do not run traceroutes all  
day and watch for it to change.

That some people are diligent does not change the fact the  
overwhelming majority of people are not.

Or the fact that with the right placement of equipment (read "luck")  
and cooperation of networks involved (read "laziness"), even a  
traceroute won't show any change besides additional latency.

-- 
TTFN,
patrick
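
Added example, not part of the original thread: a baseline comparison of traceroute output that reports changed hops and also the case raised above where the hops are identical and only the end-to-end latency grows. The sample output, the addresses (documentation ranges) and the RTT thresholds are constructed assumptions.

```python
import re

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s*(.*)$")
RTT_RE = re.compile(r"([\d.]+)\s*ms")

def parse_traceroute(text):
    """Parse `traceroute -n` style output into [(hop, addr|None, median_rtt|None)]."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line
        rtts = sorted(float(x) for x in RTT_RE.findall(m.group(3)))
        addr = None if m.group(2) == "*" else m.group(2)
        hops.append((int(m.group(1)), addr, rtts[len(rtts) // 2] if rtts else None))
    return hops

def compare(baseline, current, rtt_factor=1.5, rtt_floor_ms=20.0):
    """Return findings: changed hops, path length change, end-to-end RTT growth."""
    findings = []
    base = {n: a for n, a, _ in baseline}
    cur = {n: a for n, a, _ in current}
    for n in sorted(base.keys() & cur.keys()):
        # Unanswered probes (None) are not treated as a change.
        if base[n] and cur[n] and base[n] != cur[n]:
            findings.append(("hop_changed", n, base[n], cur[n]))
    if len(baseline) != len(current):
        findings.append(("path_length", len(baseline), len(current)))
    if baseline and current:
        b, c = baseline[-1][2], current[-1][2]
        # Thresholds are assumptions; tune against normal RTT variance.
        if b and c and c > b * rtt_factor and c - b > rtt_floor_ms:
            # Same hops but slower: the case a hop-only diff would miss.
            findings.append(("latency_only" if not findings else "latency", b, c))
    return findings

# Constructed sample output using documentation address ranges, not real captures.
SAMPLE = """traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1  0.412 ms  0.398 ms  0.405 ms
 2  {hop2}  4.100 ms  4.300 ms  4.200 ms
 3  * * *
 4  203.0.113.10  {rtt}
"""
SLOW = "95.000 ms  96.200 ms  94.800 ms"
BASELINE = parse_traceroute(SAMPLE.format(hop2="198.51.100.1", rtt="22.000 ms  22.400 ms  21.900 ms"))
SAME_HOPS_SLOW = parse_traceroute(SAMPLE.format(hop2="198.51.100.1", rtt=SLOW))
REROUTED = parse_traceroute(SAMPLE.format(hop2="198.51.100.77", rtt=SLOW))
```

A latency-only finding is a weak signal on its own, since congestion produces the same symptom.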


