Revealed: The Internet's well known BGP behavior

michael.dillon at
Thu Aug 28 06:22:21 CDT 2008

> I stand by my assertion that most people do not run 
> traceroutes all day and watch for it to change.
> That some people are diligent does not change the fact the 
> overwhelming majority of people are not.
> Or the fact that with the right placement of equipment (read 
> "luck") and cooperation of networks involved (read 
> "laziness"), even a traceroute won't show any change besides 
> additional latency.

Latency is the magic word and that *IS* measured by a lot
more people than do traceroutes. Unless the attackers are
lucky enough or smart enough to do their dirty work from
a server that is reasonably closely colocated to the router
that they exploit, you *WILL* see latency changes. 

It would be wise to change the process for investigating
latency increases to include examining routers for this
BGP rerouting exploit.

--Michael Dillon
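
A sketch of the latency check suggested above, added here as an example and not part of the original post: it separates a sustained RTT step (the cue to go look at BGP paths on the routers involved) from a one-off spike. The probe targets, sample values, window sizes and thresholds are all constructed assumptions.

```python
from statistics import median

def find_sustained_shift(rtts_ms, baseline_n=20, hold_n=5, min_delta_ms=15.0, k=5.0):
    """Return (start_index, baseline_ms, delta_ms) for the first sustained RTT
    increase, or None. A shift counts only when hold_n consecutive samples exceed
    the baseline median by max(min_delta_ms, k robust standard deviations)."""
    run_start, run = None, 0
    for i in range(baseline_n, len(rtts_ms)):
        # Freeze the baseline window while a candidate run is open, so the
        # elevated samples cannot pull the baseline up behind them.
        anchor = run_start if run_start is not None else i
        window = rtts_ms[anchor - baseline_n:anchor]
        base = median(window)
        mad = median(abs(x - base) for x in window)  # robust to single spikes
        limit = base + max(min_delta_ms, k * 1.4826 * mad)
        if rtts_ms[i] > limit:
            if run == 0:
                run_start = i
            run += 1
            if run >= hold_n:
                delta = median(rtts_ms[run_start:i + 1]) - base
                return run_start, base, delta
        else:
            run_start, run = None, 0  # isolated spike or recovery: discard
    return None

def targets_to_investigate(samples_by_target, **kwargs):
    """Map each probe target with a sustained shift to its (index, base, delta)."""
    hits = {}
    for target, rtts in samples_by_target.items():
        result = find_sustained_shift(rtts, **kwargs)
        if result is not None:
            hits[target] = result
    return hits

# Constructed RTT samples in ms: a steady path with one transient spike ...
STEADY = [40.1, 39.8, 40.5, 41.0, 39.9, 40.2, 40.7, 39.6, 40.3, 40.0,
          40.4, 39.7, 40.2, 40.1, 40.6, 39.9, 40.2, 40.8, 40.0, 40.3,
          39.8, 40.5, 40.1, 40.2, 95.0, 40.4, 40.0, 40.6, 40.3, 39.7]
# ... and the same path followed by a persistent ~32 ms step.
SHIFTED = STEADY + [71.9, 72.4, 73.0, 71.5, 72.2, 72.8, 71.7, 72.1]
# Documentation-range addresses used as hypothetical probe targets.
SAMPLES = {"192.0.2.1": STEADY, "198.51.100.1": SHIFTED}

if __name__ == "__main__":
    for target, (idx, base, delta) in targets_to_investigate(SAMPLES).items():
        print(f"{target}: +{delta:.1f} ms over {base:.1f} ms from sample {idx}; check BGP paths")
```
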

