[175827] in North American Network Operators' Group
Re: BGP Security Research Question
daemon@ATHENA.MIT.EDU (sthaug@nethelp.no)
Tue Nov 4 07:38:24 2014
X-Original-To: nanog@nanog.org
Date: Tue, 04 Nov 2014 13:38:14 +0100 (CET)
To: yuri@yurisk.info
From: sthaug@nethelp.no
In-Reply-To: <CAJ8Xm19Qw9aJd1JoQKrfJHOYRetqP8SDctxw6AMjW8iFNvqy8A@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
> In real life people use - bgp ttl security, md5 passwords, control plane
> protection of 179 port, inbound/outbound routes filters. So far this has
> been enough.
These mechanisms do little or nothing to protect against unauthorized
origination of routing information. There are plenty of examples which
say it has *not* been enough, see for instance the Pakistan Telecom -
Youtube incident in 2008.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
