Let me disagree - Pakistan Youtube was possible only because their uplink provider did NOT implement inbound route filters . As always the weakest link is human factor - and no super-duper newest technology is ever to help here . As regards to S-bgp/soBGP from technical point of view , wait for the day when the vulnerability gets published (SSL-heartbleed style) that invalidates all this PKI stuff ... Yuri
On Tue, Nov 4, 2014 at 2:38 PM, <sth...@nethelp.no> wrote: > > In real life people use - bgp ttl security, md5 passwords, control plane > > protection of 179 port, inbound/outbound routes filters. So far this has > > been enough. > > These mechanisms do little or nothing to protect against unauthorized > origination of routing information. There are plenty of examples which > say it has *not* been enough, see for instance the Pakistan Telecom - > Youtube incident in 2008. > > Steinar Haug, Nethelp consulting, sth...@nethelp.no > -- Taking challenges one by one. http://yurisk.info
