North American Network Operators Group


Re: That pesky AS path corruption bug...

  • From: Jeff Haas
  • Date: Tue May 23 16:21:32 2000

On Tue, 23 May 2000, Blaine Christian wrote:
> else is free game.  Who besides a route-server would want to prepend an
> AS besides their own.  Who wants to allow customers and perhaps even
> peers to send routes prepending an AS that is not their own? 

FWIW, route servers (at least RSng ones) either prepend their own AS
or leave the path information alone.  No sane BGP speaker would prepend
anything other than its own, its peers' (proxy AS prepending)
or internal AS numbers for confederation purposes.

This isn't to say that "routers" can't diddle with it all they want.
If you have access to a BGP session and can muck with AS-paths
in routing updates, you have access to a very effective denial of
routing attack.

The only valid defense against such mucking that I can think of
is verifying AS adjacencies against some registry and flagging
unknown paths.  This is not a cheap thing to do.  This, however,
is far saner than cryptographically signing all routing updates
which is one solution I've heard proposed. :-P

-- 
Jeffrey Haas - Merit RSng project - [email protected]
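
The adjacency check described in the message above, as an added example that is not part of the original post and is not RSng code. The registry contents, function names and AS numbers (documentation range, RFC 5398) are constructed assumptions; a real deployment would build the adjacency set from routing-registry data.

```python
# Constructed sample registry: undirected AS adjacencies, as might be derived
# from routing-registry policy objects. Not real networks.
REGISTRY = {
    frozenset(p)
    for p in [(64496, 64497), (64497, 64498), (64498, 64499), (64496, 64500)]
}

def collapse_prepends(as_path):
    """Drop consecutive duplicates so ordinary prepending (X X X) is one hop."""
    hops = []
    for asn in as_path:
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops

def check_path(as_path, neighbor_as, registry=REGISTRY, transparent_neighbor=False):
    """Return findings for one received AS_PATH (leftmost AS = most recent hop).

    neighbor_as: AS of the BGP peer the update arrived from.
    transparent_neighbor: True for a route server that leaves the path alone.
    """
    hops = collapse_prepends(as_path)
    if not hops:
        return ["empty AS path from external peer"]
    findings = []
    # A speaker that prepends is expected to prepend its own AS.
    if not transparent_neighbor and hops[0] != neighbor_as:
        findings.append(f"leftmost AS {hops[0]} is not neighbor AS {neighbor_as}")
    # After collapsing prepends, a repeated AS means a loop or an inserted AS.
    if len(set(hops)) != len(hops):
        findings.append("AS appears non-consecutively (loop or inserted AS)")
    # Flag every hop-to-hop adjacency the registry does not know about.
    for left, right in zip(hops, hops[1:]):
        if frozenset((left, right)) not in registry:
            findings.append(f"unregistered adjacency {left}-{right}")
    return findings

if __name__ == "__main__":
    # Constructed sample updates: (neighbor AS, received AS_PATH)
    samples = [
        (64496, [64496, 64497, 64498]),         # all adjacencies registered
        (64496, [64496, 64496, 64496, 64497]),  # own-AS prepending, still fine
        (64496, [64496, 64499]),                # adjacency not in registry
        (64496, [64500, 64496, 64497]),         # path does not start at neighbor
    ]
    for neighbor, path in samples:
        print(neighbor, path, check_path(path, neighbor) or "ok")
```

The findings are flags for review rather than grounds for automatic rejection, since a registry that lags behind real peering changes will produce unknown-adjacency hits for legitimate paths.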