BGP route filtering. You want it.

Anton Kapela tkapela at gmail.com
Mon Aug 11 15:47:34 CDT 2008


List,

[Apologies in advance for operational content. I Don't mean to distract
readers from the usual flamewars about rfc1918, bogon filtering, and
some of our favorite posters - gadi and n3td3v.]

I'd like to give a heads-up to the NANOG community regarding the talk
we recently gave at DEFCON.

The slides can be found here: http://eng.5ninesdata.com/~tkapela/iphd-2.ppt

In a nutshell, we demonstrated that current lack of secure filtering
infrastructure not only permits DoS-like attacks, but also full
"traffic monitoring" of arbitrary prefixes from essentially anywhere
in the world.

None of this should come as surprise to the NANOG and
operationally-aware crowd - this has been discussed extensively
previously before on-list, and extensively at conferences. Additional
novelty presented is the returning of traffic back to victim network
over Internet (creative as-path prepends & loop detection) and
obscuring the 'additional hops' this sort of thing creates with
additive ttl.

Suggested additional reading below:

http://www.nanog.org/mtg-9802/yu.ppt
http://www.nanog.org/mtg-0010/ppt/tony.ppt
http://www.nanog.org/mtg-0010/ppt/danny.ppt
http://www.nanog.org/mtg-0206/ppt/security1.1.pdf
http://www.nanog.org/mtg-0501/pdf/tauber.pdf
http://www.nanog.org/mtg-0505/pdf/underwood.pdf
http://www.nanog.org/mtg-0510/pdf/deleskie.pdf
http://www.nanog.org/mtg-0602/pdf/boothe.pdf
http://www.nanog.org/mtg-0610/presenter-pdfs/massey.pdf
http://www.nanog.org/mtg-0806/presentations/wednesday/DanMcP_Route_Filter_Panel_N43.pdf
http://www.nanog.org/mtg-0806/presentations/sunday/BRGREEN_prefix_filtering_N43.ppt
http://www.renesys.com/tech/presentations/pdf/menog3-youtube.pdf
http://www.renesys.com/tech/presentations/pdf/nanog43-hijack.pdf

-Tk/P.




More information about the NANOG mailing list