Revealed: The Internet's well known BGP behavior

Gadi Evron ge at linuxbox.org
Thu Aug 28 08:58:24 UTC 2008


On Wed, 27 Aug 2008, Patrick W. Gilmore wrote:
> On Aug 27, 2008, at 11:07 PM, John Lee wrote:
>
>> 1. The technique is not new; it is well-known BGP behavior and not stealthy 
>> to people who route for a living.
>
> Using existing technology in novel ways is still novel.  Plus it makes the 
> technique more accessible.  (Perhaps that is not a good thing?)

People (especially spammers) have been hijacking networks for a while now; 
maybe now that we have a presentation to whore around, operators can 
pressure vendors and bosses.

Gadi.

>
>> 2. When your networks use VPNs, MPLS, IPsec, SSL et al you can control what 
>> packets are going where.
>
> No, you cannot.  You can only ensure your end points are the end points you 
> think they are.  In no way, shape, or form do things like IPsec, SSL, etc. 
> verify or control the intermediate hops.
>
>
>> 3. When you are running some number of trace routes per hour to see how and 
>> where your packets are going you spot the additional hops.
>
> The presentation specifically shows hiding the hops by re-writing TTLs. 
> Perhaps you do not understand this attack as well as you thought?
>
>
>> 4. If you do cold potato routing and know where your peering points are and 
>> what the ACLs and peering policies are, it is more difficult to hijack.
>
> Would that network operators were so diligent.
>
>
>> And finally, you use high-speed optical paths or broadband ISDN (ATM); why 
>> route when you can deterministically switch?
>
> Because people want to be able to reach the entire planet with a single port 
> and without "deterministically" creating paths to every single end point.
>
> Why use ISDN (ATM) when you can do something useful?
>
> -- 
> TTFN,
> patrick
>
>
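Point 3 above proposes periodic traceroutes as a detection control, and Patrick's reply notes that a detour which rewrites TTLs would not appear as extra hops. The following is an added example, not code from this thread or from the presentation discussed, and it assumes (an assumption of mine, not a claim the thread makes) that such a detour still shows up as added latency at the same hop positions. It compares a baseline traceroute with a current one, both constructed inline, and flags hops whose address and position are unchanged while the RTT jumped, which is the case a plain "did the hop count change" check would miss.

```python
import re

# Constructed traceroute snapshots (sample data, not from the thread):
# identical hop count and addresses, but the current run shows a latency
# jump starting at hop 4.
BASELINE = """\
 1  10.0.0.1        0.412 ms
 2  192.0.2.1       1.903 ms
 3  198.51.100.9    4.117 ms
 4  203.0.113.17    8.250 ms
 5  203.0.113.33    9.801 ms
"""
CURRENT = """\
 1  10.0.0.1        0.398 ms
 2  192.0.2.1       1.880 ms
 3  198.51.100.9    4.201 ms
 4  203.0.113.17   61.730 ms
 5  203.0.113.33   63.115 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+([\d.]+)\s+ms")


def parse_trace(text):
    """Return (hop, address, rtt_ms) tuples from traceroute-style lines."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), float(m.group(3))))
    return hops


def suspicious_hops(baseline, current, jump_ms=20.0):
    """Flag hops whose position and address are unchanged but whose RTT grew
    by more than jump_ms. A hop-count change is an ordinary path change and
    is deliberately not reported here; the interesting case is the path that
    looks identical yet got much slower at a fixed point."""
    base, cur = parse_trace(baseline), parse_trace(current)
    if len(base) != len(cur):
        return []
    flagged = []
    for (_, ab, rb), (hc, ac, rc) in zip(base, cur):
        if ab == ac and rc - rb > jump_ms:
            flagged.append((hc, ac, round(rc - rb, 3)))
    return flagged


if __name__ == "__main__":
    for hop, addr, delta in suspicious_hops(BASELINE, CURRENT):
        print(f"hop {hop} ({addr}): +{delta} ms with no new hops")
```

In practice the baseline should be a rolling median over many runs rather than a single trace, and the threshold tuned per destination.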
