BGP related question
andree+nanog at toonk.nl
Thu Aug 1 22:42:37 UTC 2013
.-- My secret spy satellite informs me that at 2013-08-01 7:00 AM Shah,
> My apology if I am asking for a repeat question on the list. On 7/29/13 I read an incident about accidental BGP broadcast see article here https://isc.sans.edu/diary/BGP+multiple+banking+addresses+hijacked/16249 or older 2008 incident http://www.renesys.com/2008/02/pakistan-hijacks-youtube-1/
This was the same issue as was discussed last week on Nanog:
In summary there were 72 prefixes hijacked, they also leaked a few
hundred more specifics of their own prefixes.
You can examples of similar events here: http://www.bgpmon.net/blog/
> 1) I would like to understand how can we detect and potentially prevent activities like this? I understand native BGP was not design to authenticate IP owners to the BGP broadcaster. Therefore, issues like this due to a human error would happen. How can activities like this be detected as this is clearly a threat if someone decides to broadcast IP networks of an organization and knock the real org. off the Net.
There are a few BGP monitoring tools available, BGPMon.net is one such
2) In reference to prevention, I recall there were discussions about
secure BGP (S-BGP), Pretty Good BGP, or Secure Original BGP but I don't
remember if any one of them was finalized (from practicality viewpoint)
and if any one of them is implementable/enforceable by ISPs (do anyone
have any insight)?
The thing we can improve today is providers doing a better job of
filtering. But that's still not full proof. Since many folks use
max-prefix filters only on for example Internet Exchange points, it's
easy to pick up a hijacked route from peers.
In the long term RPKI should solve this, but that's not full proof
either. The next step is full path validation, that's going to take a
while. For more info see for example:
More information about the NANOG