BGP related question

chip chip.gwyn at gmail.com
Thu Aug 1 16:00:28 UTC 2013


For detection, there are a few solutions, but mostly it's just monitoring
the route table for your specific routes and being alerted when things
change.  For prevention there are things like RPKI (
https://www.arin.net/resources/rpki/index.html) that can help.  There are a
few other possibilities as well, each with their own pros and cons and
various cases of weakness.  RPKI seems to be the current favorite and most
widely supported.  Well, by vendors at least...

--chip


On Thu, Aug 1, 2013 at 10:00 AM, Shah, Parthiv <
Parthiv.Shah at theclearinghouse.org> wrote:

> My apology if I am asking for a repeat question on the list. On 7/29/13 I
> read an incident about accidental BGP broadcast see article here
> https://isc.sans.edu/diary/BGP+multiple+banking+addresses+hijacked/16249
> or older 2008 incident
> http://www.renesys.com/2008/02/pakistan-hijacks-youtube-1/
>
> My questions:
>
>
> 1) I would like to understand how can we detect and potentially
> prevent activities like this? I understand native BGP was not designed to
> authenticate IP owners to the BGP broadcaster. Therefore, issues like this
> due to a human error would happen. How can activities like this be detected
> as this is clearly a threat if someone decides to broadcast IP networks of
> an organization and knock the real org. off the Net.
>
> 2) In reference to prevention, I recall there were discussions about
> secure BGP (S-BGP), Pretty Good BGP, or Secure Original BGP but I don't
> remember if any one of them was finalized (from practicality viewpoint)
> and if any one of them is implementable/enforceable by ISPs (does anyone
> have any insight)?
>
> 3) If I was to ask for an opinion, from your viewpoint which one is
> better and why and which one is not doable and why not?
>
> Thank you in advance,
> Parthiv



-- 
Just my $.02, your mileage may vary,  batteries not included, etc....
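
An added example, not part of the original message: one way to combine the two ideas in the reply above, checking a route-table snapshot for your prefixes against RPKI-style origin records and alerting on mismatches. The classification follows RFC 6811 origin validation (valid / invalid / not-found); the ROA records, prefixes, AS numbers and function names are constructed for illustration.

```python
import ipaddress

# Constructed ROA-style records: (prefix, max length, authorized origin AS).
# Documentation prefixes and reserved AS numbers, not real routing data.
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 25, 64501),
]

def validate(prefix, origin_as, roas=ROAS):
    """Classify an announcement as valid / invalid / not-found (RFC 6811)."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if the announced prefix sits inside it.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # Valid needs the authorized origin AND a length within max length.
        if roa_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def alerts(announcements, roas=ROAS):
    """Return (prefix, origin, state) for announcements that are invalid."""
    out = []
    for prefix, as_path in announcements:
        origin = as_path[-1]  # the origin AS is the last AS in the path
        state = validate(prefix, origin, roas)
        if state == "invalid":
            out.append((prefix, origin, state))
    return out

# Constructed route-table snapshot: (prefix, AS path).
SNAPSHOT = [
    ("192.0.2.0/24", [64510, 64500]),      # expected origin
    ("192.0.2.0/25", [64510, 64666]),      # more specific, unexpected origin
    ("203.0.113.0/25", [64511, 64501]),    # within max length
    ("203.0.113.128/26", [64511, 64501]),  # right origin, too specific
    ("198.51.100.0/24", [64512, 64502]),   # no covering ROA
]

if __name__ == "__main__":
    for alert in alerts(SNAPSHOT):
        print(alert)
```

Only "invalid" results are alerted on here; "not-found" routes are ones no record covers, which is the gap that publishing ROAs for your own prefixes closes.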

