Revealed: The Internet's well known BGP behavior
michael.dillon at bt.com
michael.dillon at bt.com
Thu Aug 28 11:22:21 UTC 2008
> I stand by my assertion that most people do not run
> traceroutes all day and watch for it to change.
>
> That some people are diligent does not change the fact the
> overwhelming majority of people are not.
>
> Or the fact that with the right placement of equipment (read
> "luck") and cooperation of networks involved (read
> "laziness"), even a traceroute won't show any change besides
> additional latency.
Bingo!
Latency is the magic word and that *IS* measured by a lot
more people than do traceroutes. Unless the attackers are
lucky enough or smart enough to do their dirty work from
a server that is reasonably closely colocated to the router
that they exploit, you *WILL* see latency changes.
It would be wise to change the process for investigating
latency increases to include examining routers for this
BGP rerouting exploit.
--Michael Dillon
More information about the NANOG
mailing list