Revealed: The Internet's well known BGP behavior

michael.dillon at bt.com
Thu Aug 28 11:22:21 UTC 2008


 
> I stand by my assertion that most people do not run 
> traceroutes all day and watch for it to change.
> 
> That some people are diligent does not change the fact the 
> overwhelming majority of people are not.
> 
> Or the fact that with the right placement of equipment (read 
> "luck") and cooperation of networks involved (read 
> "laziness"), even a traceroute won't show any change besides 
> additional latency.

Bingo!
Latency is the magic word and that *IS* measured by a lot
more people than do traceroutes. Unless the attackers are
lucky enough or smart enough to do their dirty work from
a server that is reasonably closely colocated to the router
that they exploit, you *WILL* see latency changes. 

It would be wise to change the process for investigating
latency increases to include examining routers for this
BGP rerouting exploit.

--Michael Dillon
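
The check suggested above, sketched as an added example that is not part of the original post: it flags a sustained RTT step (as opposed to a one-off spike) and notes when the traceroute hop list looks unchanged, which is the case the quoted text worries about. The function names, thresholds, and probe data are assumptions constructed for illustration.

```python
from statistics import median

def sustained_shift(rtts, baseline_n=10, window=5, k=5.0, floor_ms=2.0):
    """Return the index where a sustained RTT step begins, or None."""
    if len(rtts) < baseline_n + window:
        return None
    base = rtts[:baseline_n]
    med = median(base)
    mad = median(abs(x - med) for x in base)
    # Scaled MAD resists spikes in the baseline; the floor stops a very
    # quiet link from alerting on ordinary jitter.
    threshold = med + k * max(1.4826 * mad, floor_ms)
    run = 0
    for i in range(baseline_n, len(rtts)):
        run = run + 1 if rtts[i] > threshold else 0
        if run == window:
            return i - window + 1
    return None

def triage(probes):
    """probes: {dest: [(rtt_ms, hops), ...]} -> [(dest, start, kind)]."""
    findings = []
    for dest, series in probes.items():
        start = sustained_shift([rtt for rtt, _ in series])
        if start is None:
            continue
        # "latency-only": the visible hop list is the same as before, so
        # the latency step is the only signal; review BGP paths anyway.
        same_path = series[start][1] == series[0][1]
        kind = "latency-only" if same_path else "latency+path"
        findings.append((dest, start, kind))
    return findings

# Constructed sample data (documentation address ranges, made-up RTTs).
HOPS = ("192.0.2.1", "198.51.100.1", "203.0.113.9")
SAMPLE = {
    "203.0.113.9": [(r, HOPS) for r in
        [20, 21, 20, 22, 21, 20, 21, 22, 20, 21,
         21, 95, 20, 62, 63, 61, 64, 62, 63]],
    "203.0.113.50": [(r, HOPS) for r in
        [35, 36, 35, 34, 36, 35, 90, 35, 36, 35,
         34, 35, 36, 35, 36, 34, 35]],
}

if __name__ == "__main__":
    for dest, start, kind in triage(SAMPLE):
        print(f"{dest}: sustained RTT step at sample {start} ({kind})")
```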



