North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Heads up: Long AS-sets announced in the next few days
On Thu, 2005-03-03 at 20:27 +1100, Geoff Huston wrote: >>On 2005-03-02, at 19.38, James A. T. Rice wrote: >> >> > This seems to suggest that you are just picking ASns at random to >> > inject into the paths, and that you don't have a set of ASs which you >> > have the assignees permission to use. >> >>Would't this then actually equate to resource hijacking along the lines >>of prefix hijacking? Who will be the first to hit the RIRs? > >Isn't this a case of illustrating how easy it is to tell lies in BGP today? >I don't >see what hitting the RIRs has do to with this. The problem appears to be more >basic than that - its just too easy to tell lies in BGP and get the lies >propagated globally. I am probably telling you what you already know, but for the ones who don't know it yet: Secure BGP (S-BGP): http://www.ir.bbn.com/projects/s-bgp/ http://www.nanog.org/mtg-0306/pdf/bellovinsbgp.pdf http://www.nwfusion.com/details/6484.html?def and of course the sister by amongst others Cisco: Secure Origin BGP (SO-BGP): http://bgp.potaroo.net/ietf/idref/ draft-ng-sobgp-bgp-extensions/ http://www.nwfusion.com/details/6485.html http://www.nanog.org/mtg-0306/pdf/alvaro.pdf etc... most people know how to google I guess ;) Aka BGP with certificates and other nice tricks. Greets, Jeroen Attachment:
signature.asc
|