Revealed: The Internet's well known BGP behavior

Steven M. Bellovin smb at
Thu Aug 28 10:56:30 CDT 2008

On Thu, 28 Aug 2008 10:16:16 -0500
"Anton Kapela" <tkapela at> wrote:

> I thought I'd toss in a few comments, considering it's my fault that
> few people are understanding this thing yet.
> >> On Thu, Aug 28, 2008 at 2:28 PM, Gadi Evron <ge at>
> >> wrote:
> >>>
> >>> People (especially spammers) have been hijacking networks for a
> >>> while
> I'd like to 'clear the air' here. Clearly, I failed at Defcon, WIRED,
> AFP, and Forbes.
> We all know sub-prefix hijacking is not news. What is news? Using
> as-path loop detection to selectively blackhole the hijacked route -
> which creates a transport path _back to_ the target.
> That's all it is, nothing more. All but the WIRED follow-up article
> missed this point *completely.* They over-represented the 'hijacking'
> aspects, while only making mention of the 'interception' potential.
> Lets end this thread with the point I had intended two weeks ago:
> we've presented a method by which all the theory spewed by academics
> can be actualized in a real network (the big-I internet) to effect
> interception of data between (nearly) arbitrary endpoints from
> (nearly) any edge or stub AS. That, I think, is interesting.
Indeed, and I thank you for it.  As noted, I and others have been
warning about the problem for a long time.  You've shown that it isn't
just an ivory tower exercise; maybe people will now get serious about
deploying a solution.

To quote Bruce Schneier quoting an NSA maxim, attacks only get better;
they never get worse.  We now have running code of one way to do this.
I think most NANOG readers can see many more ways to do it.  A real
solution will take years to deploy, but it will never happen if we
don't start.  And we want to have the solution out there *before* we
see serious attacks on BGP.

Again, thank you -- it was really nice work.

		--Steve Bellovin,

More information about the NANOG mailing list