Revealed: The Internet's well known BGP behavior
Gadi Evron
ge at linuxbox.org
Thu Aug 28 08:58:24 UTC 2008
On Wed, 27 Aug 2008, Patrick W. Gilmore wrote:
> On Aug 27, 2008, at 11:07 PM, John Lee wrote:
>
>> 1. The technique is not new; it is well-known BGP behavior and not stealthy
>> to people who route for a living.
>
> Using existing technology in novel ways is still novel. Plus it makes the
> technique more accessible. (Perhaps that is not a good thing?)
People (especially spammers) have been hijacking networks for a while now,
maybe now that we have a presentation to whore around, operators can
pressure vendors and bosses.
Gadi.
>
>> 2. When your networks use VPNs, MPLS, IPsec, SSL et al you can control what
>> packets are going where.
>
> No, you cannot. You can only ensure your end points are the end points you
> think they are. In no way, shape, or form do things like IPsec, SSL, etc.
> verify or control the intermediate hops.
>
>
>> 3. When you are running some number of trace routes per hour to see how and
>> where your packets are going you spot the additional hops.
>
> The presentation specifically shows hiding the hops by re-writing TTLs.
> Perhaps you do not understand this attack as well as you thought?
>
>
>> 4. If you do cold potato routing and know where your peering points are and
>> what the ACLs and peering policies are, it is more difficult to hijack.
>
> Would that network operators were so diligent.
>
>
>> And finally, if you use high-speed optical paths or broadband ISDN (ATM), why
>> route when you can deterministically switch?
>
> Because people want to be able to reach the entire planet with a single port
> and without "deterministically" creating paths to every single end point.
>
> Why use ISDN (ATM) when you can do something useful?
>
> --
> TTFN,
> patrick
>
>
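A defender-side check for the point argued in this thread, added here as an example that is not part of the original message or of any NANOG tooling: since traceroute can be blinded by TTL rewriting, watch the control plane instead and flag more-specific or foreign-origin announcements of your own prefixes. The prefixes, ASNs and update lines below are constructed, and the allow-list stands in for data an operator would pull from IRR or RPKI.

```python
import ipaddress
from dataclasses import dataclass

# Constructed allow-list: prefixes this network originates and the ASNs
# permitted to originate them (documentation ranges and private ASNs).
OWN_PREFIXES = {
    ipaddress.ip_network("192.0.2.0/24"): {64500},
    ipaddress.ip_network("198.51.100.0/23"): {64500},
}

@dataclass(frozen=True)
class Announcement:
    prefix: ipaddress.IPv4Network
    as_path: tuple  # left to right: collector side ... origin AS

def check_announcement(ann, own=OWN_PREFIXES):
    """Return a list of alert strings for one observed BGP announcement."""
    alerts = []
    origin = ann.as_path[-1]
    for mine, allowed in own.items():
        if ann.prefix.version != mine.version:
            continue
        if ann.prefix == mine:
            if origin not in allowed:
                alerts.append(f"origin hijack: {ann.prefix} originated by AS{origin}")
        elif ann.prefix.subnet_of(mine):
            # A more-specific wins longest-prefix match everywhere, even when
            # the path ends in the legitimate origin ASN (the "hidden" transit case).
            alerts.append(f"more-specific hijack: {ann.prefix} inside {mine} via {ann.as_path}")
    return alerts

def parse_update(line):
    """Parse a constructed 'prefix|as_path' line into an Announcement."""
    prefix, path = line.split("|")
    return Announcement(ipaddress.ip_network(prefix.strip()),
                        tuple(int(asn) for asn in path.split()))

SAMPLE_UPDATES = [  # constructed observations, not real routing data
    "192.0.2.0/24|64496 64500",          # legitimate announcement
    "192.0.2.0/25|64496 64666 64500",    # more-specific, legitimate origin appended
    "198.51.100.0/23|64496 64666",       # exact prefix, wrong origin
    "203.0.113.0/24|64496 64777",        # not ours, ignored
]

def scan(lines=SAMPLE_UPDATES):
    """Run every sample update through the check and collect the alerts."""
    return [alert for line in lines for alert in check_announcement(parse_update(line))]

if __name__ == "__main__":
    for alert in scan():
        print(alert)
```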