BGP Security Research Question

Sandra Murphy sandy at tislabs.com
Tue Nov 4 13:54:58 UTC 2014


On Nov 4, 2014, at 8:45 AM, Yuri Slobodyanyuk <yuri at yurisk.info> wrote:

> Let me disagree - Pakistan Youtube was possible only because their uplink
> provider did NOT implement inbound route filters . As always the weakest
> link is human factor - and no super-duper newest technology is ever to help
> here .

One problem with route filters is that the protection relies on the place closest to the problem to detect the leak.

Further on in the network, not as effective.

> As regards to S-bgp/soBGP from technical point of view , wait for the day
> when the vulnerability gets published (SSL-heartbleed style) that
> invalidates all this PKI stuff …

Or the IRRs on which the route filters are built.  (No need for publication of a vulnerability.  See recent msgs about already known problems with IRRs.)

--Sandy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20141104/9ffc2ba3/attachment.pgp>


More information about the NANOG mailing list