"Is BGP safe yet?" test

• Previous message (by thread): "Is BGP safe yet?" test
• Next message (by thread): "Is BGP safe yet?" test
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> From a practical standpoint, this doesn't actually tell the whole truth

indeed.  route origin validation, while a good thing, does not make
bgp safe from attack.  this marketing fantasy is being propagated;
but is BS.

origin validation was designed to reduce the massive number of problems
cause by fat figured configuration errors by operators.  it will not
even get all of those; but it will greatly improve things.

but it provides almost zero protection against malicious attack.  the
attacker merely has to prepend (in the formal, not cisco display) the
'correct' origin AS to their malicious announcement.

randy

• Previous message (by thread): "Is BGP safe yet?" test
• Next message (by thread): "Is BGP safe yet?" test
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]