[107239] in North American Network Operators' Group
RE: Revealed: The Internet's well known BGP behavior
daemon@ATHENA.MIT.EDU (michael.dillon@bt.com)
Thu Aug 28 07:22:44 2008
Date: Thu, 28 Aug 2008 12:22:21 +0100
In-Reply-To: <960F6EAB-C660-4B1D-846D-3AB8F330AEB5@ianai.net>
From: <michael.dillon@bt.com>
To: <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org

> I stand by my assertion that most people do not run
> traceroutes all day and watch for it to change.
>
> That some people are diligent does not change the fact the
> overwhelming majority of people are not.
>
> Or the fact that with the right placement of equipment (read
> "luck") and cooperation of networks involved (read
> "laziness"), even a traceroute won't show any change besides
> additional latency.
Bingo!
Latency is the magic word and that *IS* measured by a lot
more people than do traceroutes. Unless the attackers are
lucky enough or smart enough to do their dirty work from
a server that is reasonably closely colocated to the router
that they exploit, you *WILL* see latency changes.
It would be wise to change the process for investigating
latency increases to include examining routers for this
BGP rerouting exploit.
--Michael Dillon
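
The following is an added example, not part of the original message: a sketch of a latency check that separates a sustained RTT step (the signal the message says a reroute produces) from a one-off spike, so that a flagged step can start a review of the BGP path for that destination. The function name, thresholds and RTT samples are assumptions constructed for illustration; real input would come from whatever probe already records round-trip times.

```python
from statistics import median

def find_sustained_shift(rtts_ms, baseline_n=10, window=5, k=5.0, floor_ms=2.0):
    """Return (start_index, added_ms) for the first run of `window` consecutive
    samples above the baseline threshold, or None if no such run exists.

    The baseline is the median of the first `baseline_n` samples; the threshold
    is that median plus k * MAD, with a floor so a very quiet path does not
    alert on sub-millisecond jitter. Requiring a full run of high samples
    ignores isolated spikes (queueing, a lost probe retry)."""
    if len(rtts_ms) < baseline_n:
        raise ValueError("not enough samples to build a baseline")
    base = rtts_ms[:baseline_n]
    centre = median(base)
    mad = median(abs(v - centre) for v in base)   # median absolute deviation
    threshold = centre + max(k * mad, floor_ms)

    run = 0
    for i in range(baseline_n, len(rtts_ms)):
        run = run + 1 if rtts_ms[i] > threshold else 0
        if run == window:
            start = i - window + 1
            added = median(rtts_ms[start:i + 1]) - centre
            return start, added
    return None

# Constructed samples (ms): a steady ~20 ms path with one isolated spike ...
STABLE = [20.1, 19.8, 20.4, 20.0, 19.9, 20.3, 20.2, 19.7, 20.0, 20.1,
          20.2, 61.0, 20.0, 19.9, 20.3]
# ... and the same path after a step to ~45 ms that does not recover.
SHIFTED = STABLE + [44.8, 45.2, 45.0, 44.9, 45.3, 45.1]

if __name__ == "__main__":
    for name, series in (("stable", STABLE), ("shifted", SHIFTED)):
        hit = find_sustained_shift(series)
        if hit is None:
            print(f"{name}: no sustained shift")
        else:
            start, added = hit
            print(f"{name}: sustained +{added:.1f} ms from sample {start}; "
                  "review the BGP path for this destination")
```

A flagged shift is not proof of rerouting, since congestion or a legitimate path change produces the same step; it only marks the point at which the routes for the affected prefix are worth examining.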