[107291] in North American Network Operators' Group
Re: BGP Attack - Best Defense ?
daemon@ATHENA.MIT.EDU (Scott Weeks)
Fri Aug 29 18:50:57 2008
Date: Fri, 29 Aug 2008 15:50:45 -0700
From: "Scott Weeks" <surfer@mauigateway.com>
To: <nanog@merit.edu>
Reply-To: surfer@mauigateway.com
Errors-To: nanog-bounces@nanog.org
------- jfesler@gigo.com wrote: -------
From: Jason Fesler <jfesler@gigo.com>
> I am signed up for the Prefix Hijack Alert System
> (phas.netsec.colostate.edu) and would be alerted in about 6 hours (or
> less?) about a prefix announcement change.
Would the alerts go to a mail server behind said BGP prefixes?
---------------------------------------
They would go to me. They have been coming to me since I heard about this service on NANOG.
Thanks folks at Colorado State University! :-)
--------------------------------------
Also, if you're gonna bother at all.. I'd humbly suggest that 6 hours is
too long to wait. Without naming names, consider if this response time is
adequate, and if not, look at some of the commercial options.
--------------------------------------
I'm currently on an eyeball network and no one is physically close to me, since I'm in Hawaii (the most isolated land mass in the world). Even though the TTL changes in this attack, the physics don't. The gamers would probably be the first alert folks as they would see the delay regardless of what their traceroutes say... ;-) In this attack the traffic makes it to both end-points. The middle is what changes.
Restating my question differently: If the attacker is announcing a /24 of mine, I figure it out some how and I start announcing the same. What happens if the attacker doesn't stop?
