BGP Security Research Question

Yuri Slobodyanyuk yuri at
Tue Nov 4 13:45:40 UTC 2014

Let me disagree - Pakistan Youtube was possible only because their uplink
provider did NOT implement inbound route filters . As always the weakest
link is human factor - and no super-duper newest technology is ever to help
here .
As regards to S-bgp/soBGP from technical point of view , wait for the day
when the vulnerability gets published (SSL-heartbleed style) that
invalidates all this PKI stuff ...

On Tue, Nov 4, 2014 at 2:38 PM, <sthaug at> wrote:

> > In real life people use - bgp ttl security, md5 passwords, control plane
> > protection of 179 port, inbound/outbound routes filters. So far this has
> > been enough.
> These mechanisms do little or nothing to protect against unauthorized
> origination of routing information. There are plenty of examples which
> say it has *not* been enough, see for instance the Pakistan Telecom -
> Youtube incident in 2008.
> Steinar Haug, Nethelp consulting, sthaug at

Taking challenges one by one.

More information about the NANOG mailing list