[56254] in North American Network Operators' Group


Re: BGP to doom us all

daemon@ATHENA.MIT.EDU (Rob Thomas)
Fri Feb 28 22:17:00 2003

Date: Fri, 28 Feb 2003 21:15:28 -0600 (CST)
From: Rob Thomas <robt@cymru.com>
To: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.BSF.4.21.0302281716260.40380-100000@vapour.net>
Errors-To: owner-nanog-outgoing@merit.edu


Hi, NANOGers.

] However, given the recent academic popularity of attacks against routers,

Indeed!  Compromised routers (generally Cisco) are routinely traded in
the underground.  However, these routers are usually compromised by
taking advantage of weak passwords, e.g. "cisco" for access and enable.  :(

Some who trade for compromised routers (one Cisco is worth approximately
three to five stolen credit cards) specifically ask for routers running
BGP, and may pay a premium for this extra.

Trade in compromised Juniper routers is rare, but it does occur.

As to what is done with these compromised routers, well, ask me at the
next NANOG.

There are many things folks can do with existing BGP configurations to
make things a bit better.  Prefix filtering, both on ingress and egress,
MD5 authentication, and ACLs for TCP 179 help.  Are they perfect?  No,
nothing is a panacea.  However, raising the bar even a little can yield
impressive results.

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);
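
Added example, not part of the original message: a small audit that checks an IOS-style configuration for the measures the message lists (per-neighbor MD5 authentication, ingress and egress prefix filters, an ACL entry covering TCP 179) and for the weak "cisco" password it mentions. The sample config, the WEAK list and the function name are assumptions made for illustration; neighbors are assumed to be configured directly, without peer-group inheritance.

```python
# Constructed sample in Cisco IOS syntax (documentation addresses, private ASNs).
SAMPLE_CONFIG = """\
enable password cisco
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 password 7 0822455D0A16
 neighbor 192.0.2.1 prefix-list PEER-IN in
 neighbor 192.0.2.1 prefix-list PEER-OUT out
 neighbor 198.51.100.7 remote-as 64502
 neighbor 198.51.100.7 prefix-list CUST-IN in
!
access-list 120 permit tcp host 192.0.2.1 any eq bgp
access-list 120 deny tcp any any eq bgp
"""

WEAK = {"cisco", "password", "admin"}   # assumed short list of default-style passwords
REQUIRED = ("md5", "filter-in", "filter-out")

def audit_bgp(config):
    """Return (subject, finding) tuples for missing BGP hardening in config text."""
    findings, peers, in_bgp, acl_179 = [], {}, False, False
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):          # a top-level line opens or closes a stanza
            in_bgp = words[:2] == ["router", "bgp"]
        if in_bgp and len(words) >= 3 and words[0] == "neighbor":
            feats = peers.setdefault(words[1], set())
            if words[2] == "password":
                feats.add("md5")
            elif words[2] == "prefix-list" and words[-1] in ("in", "out"):
                feats.add("filter-" + words[-1])
        elif words[:1] in (["enable"], ["password"]) and words[-1].lower() in WEAK:
            findings.append(("device", "weak password"))
        elif "tcp" in words and ("bgp" in words or "179" in words):
            acl_179 = True                    # presence only; does not prove the ACL is applied
    for peer, feats in sorted(peers.items()):
        findings += [(peer, "missing " + f) for f in REQUIRED if f not in feats]
    if peers and not acl_179:
        findings.append(("device", "no ACL entry for TCP 179"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit_bgp(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```
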


