[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BGP in the Washngton Post

Subject: BGP in the Washngton Post
From: marka at isc.org (Mark Andrews)
Date: Wed, 03 Jun 2015 10:05:12 +1000
In-reply-to: Your message of "Mon, 01 Jun 2015 19:56:28 +0300." <[email protected]>
References: <CAP-guGXCgO2mLXHHLC5kD60-vpALPUT7=oBdUkkg2Vp3iouGhQ@mail.gmail.com> <[email protected]>

In message <556C8EBC.7080109 at netassist.ua>, Max Tulyev writes:
> Is there *IN THEIORY* any possibility to make BGP secure enough now?
> 
> Yes, RPKI protects from fat fingered people, but NOT protects from
> people doing hijacks knowlingly.

At the moment because not enough of the net is covered.  When you
get enough coverage then yes it will protect you because there is
no way to get a valid CERT to authenticate the hijack.

Even before that RPKI will limit the impact of the hijack by isolating
the attack to the networks close to the injection points.  Think
of this as herd immunity.

> The global routing registry really can be the solution, but it
> automatically gives one authority a power to cut off any network.
> Imagine how fast it will be used for censorship.

> On 01.06.15 16:24, William Herrin wrote:
> > Interesting story about BGP and security in the Washington Post today:
> > 
> > http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/
> > 
> > -Bill
> > 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

Follow-Ups:
- BGP in the Washngton Post
  - From: randy at psg.com (Randy Bush)

References:
- BGP in the Washngton Post
  - From: bill at herrin.us (William Herrin)
- BGP in the Washngton Post
  - From: maxtul at netassist.ua (Max Tulyev)

Prev by Date: AWS Elastic IP architecture
Next by Date: WiFi courses/vendors recommendation
Previous by thread: BGP in the Washngton Post
Next by thread: BGP in the Washngton Post
Index(es):
- Date
- Thread