[126273] in North American Network Operators' Group
Re: Securing the BGP or controlling it?
daemon@ATHENA.MIT.EDU (Jorge Amodio)
Mon May 10 17:23:52 2010
In-Reply-To: <1402799.11131273521723110.JavaMail.root@mail.2nplus1.com>
Date: Mon, 10 May 2010 16:23:20 -0500
From: Jorge Amodio <jmamodio@gmail.com>
To: "Vincent J.. Bono" <vbono@2nplus1.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> Also, while (IMHO) the much higher level of private interconnects / peeri=
ng links in use today vs. 1997 makes willful route hijacking more difficult=
, building better security directly into the protocol is certainly in order=
. =A0A good parallel is the SS7 network that runs "routing" for traditional=
voice signaling: it's "secured" by using a completely separate, out of ban=
d TDM network (DS1s and DS0s) but its also an "in the clear" protocol and c=
ould be subject to willful vandalism.
Diff with SS7, we can't send a VoIP msg with every packet saying "Your
packet can not be delivered as routed, please restart your computer
and try again", ohh yes we can ICMP :-)
Cheers
Jorge
