BGP related question

Andree Toonk andree+nanog at toonk.nl
Thu Aug 1 22:42:37 UTC 2013


Hi Parthiv,

.-- My secret spy satellite informs me that at 2013-08-01 7:00 AM  Shah,
Parthiv wrote:

> My apology if I am asking for a repeat question on the list. On 7/29/13 I read an incident about accidental BGP broadcast see article here https://isc.sans.edu/diary/BGP+multiple+banking+addresses+hijacked/16249 or older 2008 incident http://www.renesys.com/2008/02/pakistan-hijacks-youtube-1/

This was the same issue as was discussed last week on Nanog:
http://mailman.nanog.org/pipermail/nanog/2013-July/059992.html
In summary there were 72 prefixes hijacked,  they also leaked a few
hundred more specifics of their own prefixes.
You can examples of similar events here: http://www.bgpmon.net/blog/


> 1)  I would like to understand how can we detect and potentially prevent activities like this? I understand native BGP was not design to authenticate IP owners to the BGP broadcaster. Therefore, issues like this due to a human error would happen. How can activities like this be detected as this is clearly a threat if someone decides to broadcast IP networks of an organization and knock the real org. off the Net. 

There are a few BGP monitoring tools available, BGPMon.net is one such
service.

2) In reference to prevention, I recall there were discussions about
secure BGP (S-BGP), Pretty Good BGP, or Secure Original BGP but I don't
remember if any one of them was finalized (from practicality viewpoint)
and if any one of them is implementable/enforceable by ISPs (do anyone
have any insight)?

The thing we can improve today is providers doing a better job of
filtering. But that's still not full proof. Since many folks use
max-prefix filters only on for example Internet Exchange points, it's
easy to pick up a hijacked route from peers.
In the long term RPKI should solve this, but that's not full proof
either.  The next step is full path validation, that's going to take a
while. For more info see for example:
http://www.bgpmon.net/securing-bgp-routing-with-rpki-and-roas/ or
http://en.wikipedia.org/wiki/Resource_Public_Key_Infrastructure

Cheers,
 Andree






More information about the NANOG mailing list