|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: BGP to doom us all
On Fri, 28 Feb 2003, Bruce Pinsky wrote: :What a crock of crap. Knowing who someone is doesn't stop them from causing :intentional or unintentional problems. In fact, authentication is more likely :to cause people to become complacent wrt their filtering policies. Hey I've :authenticated that router so it's going to only send me correct routes. :Puleeeaaazzzz... The authentication I suspect he is referring to, is certification of the routes themselves, not just mere peer authentication. However, given the recent academic popularity of attacks against routers, such as the phenolit OSPF exploit, Bindviews TCP ISN strange attractors, Tim Newshams ISN paper, some large vendors use of widely available hardware and/or operating systems, and others, it's worth being extra mindful of router security. Dashing off press releases about internet vulnerabilities is a bit like that cold fusion in a coffee cup incident. It harmed the credibility of all researchers and may have set back alot of other legitimate efforts. The technical solutions are pretty easy, almost everyone on the list understands them. Us cassandras in the security business just have to find a better way of making people more mindful of security in their day to day operations. Appeasing the media's thirst for broad and fearsome pronouncements doesn't help things. Unfortunately, this sort of mindfulness isn't so much taught as it must be learned, and so we are back to the operator clue issue. *sigh*. Mu. ;) -- batz
|