YouTube IP Hijacking

• Previous message (by thread): YouTube IP Hijacking
• Next message (by thread): YouTube IP Hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Feb 25, 2008, at 2:32 AM, Hank Nussbacher wrote:
> At 05:31 AM 25-02-08 +0000, Steven M. Bellovin wrote:
>
>> Seriously -- a number of us have been warning that this could happen.
>> More precisely, we've been warning that this could happen *again*; we
>> all know about many older incidents, from the barely noticed to the  
>> very
>> noisy.  (AS 7007, anyone?)  Something like S-BGP will stop this cold.
>>
>> Yes, I know there are serious deployment and operational issues.  The
>> question is this: when is the pain from routing incidents great  
>> enough
>> that we're forced to act?  It would have been nice to have done
>> something before this, since now all the world's script kiddies have
>> seen what can be done.
>
> "we've been warning that this could happen *again*" - this is  
> happening every day - just look to:
> http://cs.unm.edu/~karlinjf/IAR/prefix.php?filter=most
> http://cs.unm.edu/~karlinjf/IAR/subprefix.php?filter=most
> for samples.  Thing is - these prefix hijacks are not big ticket  
> sites like Youtube or Microsoft or Cisco or even whitehouse.gov -  
> but rather just sites that never make it onto the NANOG radar.

How many of those would be stopped with transit providers filtering  
their downstreams?  Which doesn't require rolling out a new technology  
like SBGP.  And, I would argue, if we cannot even get transit  
providers to filter their downstreams, there is no way in hell we can  
get transit providers to filter on some RR or doing authentication on  
individual prefixes.

Let's start with the easy stuff.  Walk before run and all that.

-- 
TTFN,
patrick

• Previous message (by thread): YouTube IP Hijacking
• Next message (by thread): YouTube IP Hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]