BGP route filtering. You want it.

Bourbon.Odenthal at sce.com Bourbon.Odenthal at sce.com
Mon Aug 11 20:57:13 UTC 2008


I really enjoyed it!  Rerouting all of Defcon's traffic thru NY was a nice touch.  Hopefully the additional awareness of this will help progress toward getting the issues fixed.  Good job!

-bb


----- Original Message -----
From: "Anton Kapela" [tkapela at gmail.com]
Sent: 08/11/2008 01:47 PM MST
To: nanog at nanog.org
Subject: BGP route filtering. You want it.



List,

[Apologies in advance for operational content. I Don't mean to distract
readers from the usual flamewars about rfc1918, bogon filtering, and
some of our favorite posters - gadi and n3td3v.]

I'd like to give a heads-up to the NANOG community regarding the talk
we recently gave at DEFCON.

The slides can be found here: http://eng.5ninesdata.com/~tkapela/iphd-2.ppt

In a nutshell, we demonstrated that current lack of secure filtering
infrastructure not only permits DoS-like attacks, but also full
"traffic monitoring" of arbitrary prefixes from essentially anywhere
in the world.

None of this should come as surprise to the NANOG and
operationally-aware crowd - this has been discussed extensively
previously before on-list, and extensively at conferences. Additional
novelty presented is the returning of traffic back to victim network
over Internet (creative as-path prepends & loop detection) and
obscuring the 'additional hops' this sort of thing creates with
additive ttl.

Suggested additional reading below:

http://www.nanog.org/mtg-9802/yu.ppt
http://www.nanog.org/mtg-0010/ppt/tony.ppt
http://www.nanog.org/mtg-0010/ppt/danny.ppt
http://www.nanog.org/mtg-0206/ppt/security1.1.pdf
http://www.nanog.org/mtg-0501/pdf/tauber.pdf
http://www.nanog.org/mtg-0505/pdf/underwood.pdf
http://www.nanog.org/mtg-0510/pdf/deleskie.pdf
http://www.nanog.org/mtg-0602/pdf/boothe.pdf
http://www.nanog.org/mtg-0610/presenter-pdfs/massey.pdf
http://www.nanog.org/mtg-0806/presentations/wednesday/DanMcP_Route_Filter_Panel_N43.pdf
http://www.nanog.org/mtg-0806/presentations/sunday/BRGREEN_prefix_filtering_N43.ppt
http://www.renesys.com/tech/presentations/pdf/menog3-youtube.pdf
http://www.renesys.com/tech/presentations/pdf/nanog43-hijack.pdf

-Tk/P.





More information about the NANOG mailing list