celebrating 10 years of routing insecurity

Job Snijders job at ntt.net
Fri Aug 10 12:30:38 UTC 2018


Dear all,

Today marks the 10th anniversary of the famous Kapela-Pilosov
Man-in-the-middle BGP attack! It is a fantastic and innovative attack
that would be worthy of referencing in the next Mr Robot season. :-)

    video: https://www.youtube.com/watch?v=S0BM6aB90n8
    slide: https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf

So, what is the state of routing security anno 2018?

It seems that as an industry we're on an upwards trajectory: various IRR
registries are locking themselves down to prevent creation of
unauthorized route(6) objects, new filter generation tools are becoming
available, RPKI based BGP Origin Validation is slowly seeing more and
more deployment, and the concept of blocking route announcements with
improbable AS_PATHs is gaining popularity as well.

Let's see where we are 10 years from now!

Kind regards,

Job


More information about the NANOG mailing list