North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP to doom us all

  • From: Rob Thomas
  • Date: Fri Feb 28 22:38:32 2003

Hi, Alex.

] RCS of your router config is your friend.

Yep, agreed.  Sanity checking router configurations is a very wise move.
Just so everyone knows, the miscreants generally disable all logging
capability and enact ACLs to block all ICMP, UDP, and selectively permit
telnet from their hacked hosts.  These are some of the warning signs.

] Who cares? If the other routers are configured correctly, they wont take
] tainted advertisements. If they are not configured correctly, any Super
] Secure BGP wont help.

Yep, thus my constant raving about prefix filtering.  :)

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);