> I stand by my assertion that most people do not run
> traceroutes all day and watch for it to change.
>
> That some people are diligent does not change the fact the
> overwhelming majority of people are not.
>
> Or the fact that with the right placement of equipment (read
> "luck") and cooperation of networks involved (read
> "laziness"), even a traceroute won't show any change besides
> additional latency.

Bingo! Latency is the magic word and that *IS* measured by a lot more people than do traceroutes. Unless the attackers are lucky enough or smart enough to do their dirty work from a server that is reasonably closely colocated to the router that they exploit, you *WILL* see latency changes.

It would be wise to change the process for investigating latency increases to include examining routers for this BGP rerouting exploit.

--Michael Dillon
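
One way to implement the latency check suggested in the message above, as an added example that is not part of the original post: it flags a sustained rise in the RTT floor (what a path detour produces) while ignoring isolated congestion spikes. The function name, thresholds and sample RTTs are assumptions constructed for illustration.

```python
from statistics import median

def detect_latency_shift(rtts_ms, baseline_n=20, window=5, k=5.0, min_delta_ms=10.0):
    """Return (index, baseline_median, new_floor) for the first sustained
    RTT increase, or None if there is none.

    A longer path raises the *minimum* RTT (propagation delay), so every
    sample in the recent window must exceed the threshold. A single slow
    probe caused by queueing does not satisfy that and is ignored.
    """
    for end in range(baseline_n + window, len(rtts_ms) + 1):
        start = end - window
        base = rtts_ms[start - baseline_n:start]
        base_med = median(base)
        # Median absolute deviation, scaled to approximate a standard
        # deviation; robust against spikes inside the baseline itself.
        mad = median(abs(x - base_med) for x in base) * 1.4826
        threshold = base_med + max(k * mad, min_delta_ms)
        floor = min(rtts_ms[start:end])
        if floor > threshold:
            return start, base_med, floor
    return None

# Constructed sample: ~30 ms path, one congestion spike, then a step to
# ~48 ms as would be seen if traffic started taking a longer route.
_NORMAL = [30.1, 29.8, 30.4, 31.0, 29.9, 30.2, 30.6, 29.7, 30.3, 30.0]
SAMPLE_RTTS_MS = (
    _NORMAL * 2
    + [30.2, 95.0, 30.1, 29.9, 30.5, 30.0]        # spike at index 21
    + [48.3, 47.9, 48.8, 48.1, 49.0, 48.4, 48.2]  # step begins at index 26
)

if __name__ == "__main__":
    hit = detect_latency_shift(SAMPLE_RTTS_MS)
    if hit:
        idx, base, floor = hit
        print(f"RTT floor rose from ~{base:.1f} ms to {floor:.1f} ms at sample {idx}; "
              "review BGP routes and AS paths for the affected prefix")
```

A hit is a trigger for the investigation step the message proposes (checking routers and the current AS path for the prefix), not proof of rerouting on its own.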