From: Jeroen Massar (no email)
Date: Thu Mar 03 2005 - 12:02:09 EST
On Thu, 2005-03-03 at 20:27 +1100, Geoff Huston wrote:
>>On 2005-03-02, at 19.38, James A. T. Rice wrote:
>>
>> > This seems to suggest that you are just picking ASns at random to
>> > inject into the paths, and that you don't have a set of ASs which you
>> > have the assignees permission to use.
>>
>>Would't this then actually equate to resource hijacking along the lines
>>of prefix hijacking? Who will be the first to hit the RIRs?
>
>Isn't this a case of illustrating how easy it is to tell lies in BGP today?
>I don't
>see what hitting the RIRs has do to with this. The problem appears to be more
>basic than that - its just too easy to tell lies in BGP and get the lies
>propagated globally.
I am probably telling you what you already know, but for the ones who
don't know it yet:
Secure BGP (S-BGP):
http://www.ir.bbn.com/projects/s-bgp/
http://www.nanog.org/mtg-0306/pdf/bellovinsbgp.pdf
http://www.nwfusion.com/details/6484.html?def
and of course the sister by amongst others Cisco:
Secure Origin BGP (SO-BGP):
http://bgp.potaroo.net/ietf/idref/ draft-ng-sobgp-bgp-extensions/
http://www.nwfusion.com/details/6485.html
http://www.nanog.org/mtg-0306/pdf/alvaro.pdf
etc... most people know how to google I guess ;)
Aka BGP with certificates and other nice tricks.
Greets,
Jeroen
|
|
|