[107252] in North American Network Operators' Group
Re: Revealed: The Internet's well known BGP behavior
daemon@ATHENA.MIT.EDU (Joe Greco)
Thu Aug 28 13:59:14 2008
From: Joe Greco <jgreco@ns.sol.net>
To: smb@cs.columbia.edu (Steven M. Bellovin)
Date: Thu, 28 Aug 2008 12:58:59 -0500 (CDT)
In-Reply-To: <20080828115630.3feb8f7a@cs.columbia.edu> from "Steven M.
Bellovin" at Aug 28, 2008 11:56:30 AM
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
> To quote Bruce Schneier quoting an NSA maxim, attacks only get better;
> they never get worse. We now have running code of one way to do this.
> I think most NANOG readers can see many more ways to do it. A real
> solution will take years to deploy, but it will never happen if we
> don't start. And we want to have the solution out there *before* we
> see serious attacks on BGP.
>
> Again, thank you -- it was really nice work.
Seems like we *could* get a large part of the way there if people were
only checking the information in question. While not the long-term fix
of being able to prove authorization to advertise space, simply requiring
a LOA at the edge, and requiring IRR further in, and keeping records of
what was advertised, would seem to be a worthwhile improvement on the
current state of affairs. Total prevention is a very rough goal, so
making it more difficult, combined with being able to identify when
someone did something bad, really ought to be a worthwhile interim goal,
and I've wondered for a long time why this isn't being done.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
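
An added example, not part of the original message or the thread: a sketch of the interim check described above, in which announcements are compared against IRR route objects and every announcement, accepted or not, is recorded. The route objects, prefixes, ASNs and function names are constructed for illustration (documentation address space and private-use ASNs), and only IPv4 "route:" objects are handled.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed IRR route objects (RPSL), documentation prefixes and ASNs.
IRR_DUMP = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64501
"""

def parse_route_objects(text):
    """Return {network: set(origin ASNs)} from RPSL route objects."""
    registered = {}
    for block in text.strip().split("\n\n"):
        attrs = dict(line.split(":", 1) for line in block.splitlines() if ":" in line)
        net = ipaddress.ip_network(attrs["route"].strip())
        registered.setdefault(net, set()).add(attrs["origin"].strip().upper())
    return registered

def check_announcement(registered, prefix, origin):
    """Classify one announcement against the registered route objects."""
    net = ipaddress.ip_network(prefix)
    if origin in registered.get(net, ()):
        return "accept"
    if net in registered:
        return "reject-origin-mismatch"
    # A covering object does not authorise a more-specific announcement.
    if any(net.subnet_of(r) for r in registered if r.version == net.version):
        return "reject-more-specific"
    return "reject-unregistered"

def process(registered, announcements, log):
    """Check each (peer, prefix, origin) and record it, accepted or not."""
    for peer, prefix, origin in announcements:
        verdict = check_announcement(registered, prefix, origin)
        log.append({"seen": datetime.now(timezone.utc).isoformat(), "peer": peer,
                    "prefix": prefix, "origin": origin, "verdict": verdict})
    return log

# Constructed announcements received on one customer session.
SAMPLE = [("AS64500", "192.0.2.0/24", "AS64500"),
          ("AS64500", "198.51.100.0/24", "AS64500"),
          ("AS64500", "192.0.2.128/25", "AS64500"),
          ("AS64500", "10.20.0.0/16", "AS64500")]

if __name__ == "__main__":
    for record in process(parse_route_objects(IRR_DUMP), SAMPLE, []):
        print(record)
```

The log keeps rejected announcements as well as accepted ones, which is what makes it possible to identify afterwards who advertised what.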