BGP Security Research Question
Sandra Murphy
sandy at tislabs.com
Tue Nov 4 13:54:58 UTC 2014
On Nov 4, 2014, at 8:45 AM, Yuri Slobodyanyuk <yuri at yurisk.info> wrote:
> Let me disagree - Pakistan Youtube was possible only because their uplink
> provider did NOT implement inbound route filters . As always the weakest
> link is human factor - and no super-duper newest technology is ever to help
> here .
One problem with route filters is that the protection relies on the place closest to the problem to detect the leak.
Further on in the network, not as effective.
> As regards to S-bgp/soBGP from technical point of view , wait for the day
> when the vulnerability gets published (SSL-heartbleed style) that
> invalidates all this PKI stuff …
Or the IRRs on which the route filters are built. (No need for publication of a vulnerability. See recent msgs about already known problems with IRRs.)
--Sandy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20141104/9ffc2ba3/attachment.sig>
More information about the NANOG
mailing list