[107780] in North American Network Operators' Group


Re: community real-time BGP hijack notification service

daemon@ATHENA.MIT.EDU (Nathan Ward)
Sat Sep 13 03:58:30 2008

From: Nathan Ward <nanog@daork.net>
To: nanog <nanog@merit.edu>
In-Reply-To: <48CB69DE.9090504@psg.com>
Date: Sat, 13 Sep 2008 19:58:21 +1200
Errors-To: nanog-bounces@nanog.org

On 13/09/2008, at 7:21 PM, Randy Bush wrote:

> i am occasionally asked if there have been real bgp attacks (not slips).
> the answer is, of course yes, but there are none which can be publicly
> described.  when bucks and embarrassment are involved, security through
> obscurity seems to rule.
>
> but tony and alex did us an enormous favor by publicly conducting such
> an attack, see http://www.merit.edu/mail.archives/nanog/msg10357.html
>
> so, what i want to know is which, if any of the tools being discussed on
> this thread *actually* did or could detect and/or mitigate the tony/alex
> defcon attack.
>
> i appreciate the dozens of tools that detect and mitigate finger or
> brain fumbles.  but those are not where the black hats are gonna go to
> make the big bucks.


Yep, that was my point before.

My concern is that unless there is big bold text saying that it's not  
a solution, and then reference to longer optional text for those that  
care about why, people will get a false sense of security.

--
Nathan Ward





