On 5 Nov 2014, at 0:17, valdis.kletni...@vt.edu wrote:
> Am I the only guy wondering how many boxes out there are *still*
> vulnerable to forged RST packets?
That's covered by ' . . . and the like . . . '
;>
---
Roland Dobbins
On Tue, 04 Nov 2014 18:02:47 +0700, "Roland Dobbins" said:
> Networks which haven't implemented the BCPs sometimes find their BGP
> peering sessions disrupted via DDoS attacks against the routers
> themselves; SYN-floods and the like against TCP/179 are sometimes used
> to disrupt BGP sessions i
> Let me disagree - Pakistan Youtube was possible only because their uplink
> provider did NOT implement inbound route filters . As always the weakest
> link is human factor - and no super-duper newest technology is ever to help
> here .
Agreed, the uplink absolutely should have implemented prefix
On Nov 4, 2014, at 8:45 AM, Yuri Slobodyanyuk wrote:
> Let me disagree - Pakistan Youtube was possible only because their uplink
> provider did NOT implement inbound route filters . As always the weakest
> link is human factor - and no super-duper newest technology is ever to help
> here .
One
> Authorization is global. (And so it relies on global access to a
statement of
> the authorization, aye, there's the rub.)
The real rub is -- What are you authorizing? Or perhaps -- what can you
actually authorize in BGP, or any other routing protocol? This is the
question that (as of yet) ha
Let me disagree - Pakistan Youtube was possible only because their uplink
provider did NOT implement inbound route filters . As always the weakest
link is human factor - and no super-duper newest technology is ever to help
here .
As regards to S-bgp/soBGP from technical point of view , wait for the
I don't think anyone uses S-BGB or soBGP in the wild--except on Internet2
(debatable whether I2 is in the wild). Mostly just labs and classrooms...?
We get zmap/nmap/xmap scans on our BGP speakers constantly. However, most
people do a tight lockdown on anything internet-exposed, limiting usef
On Nov 4, 2014, at 8:00 AM, Nick Hilliard wrote:
> On 04/11/2014 12:38, sth...@nethelp.no wrote:
>> These mechanisms do little or nothing to protect against unauthorized
>> origination of routing information. There are plenty of examples which
>> say it has *not* been enough, see for instance th
On 04/11/2014 12:38, sth...@nethelp.no wrote:
> These mechanisms do little or nothing to protect against unauthorized
> origination of routing information. There are plenty of examples which
> say it has *not* been enough, see for instance the Pakistan Telecom -
> Youtube incident in 2008.
mis-ori
> In real life people use - bgp ttl security, md5 passwords, control plane
> protection of 179 port, inbound/outbound routes filters. So far this has
> been enough.
These mechanisms do little or nothing to protect against unauthorized
origination of routing information. There are plenty of example
Having seen few hundreds BGP peerings with internal clients as well as with
uplink providers cannot
recall anyone ever even trying to use such features. And given that both
were created back in late 90s early 2000s we can safely assume these
technologies (S-BGP/soBGP) will stay just that - blue-sky
On 4 Nov 2014, at 10:57, Anthony Weems wrote:
I'm a student in college learning about networking and, specifically,
BGP.
Does anyone have any statistics on the use of S-BGP or soBGP in the
wild?
Take a look at rPKI.
Additionally, do people scan BGP speakers in the same sense that
researche
12 matches
Mail list logo
