North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: BGP to doom us all
On Fri, 28 Feb 2003, Steven M. Bellovin wrote: > >> My own opinion is that sophisticated routing attacks are the > >> single biggest threat to the Internet. > > > >My opinion is that lazy operational practices are the single biggest threat to > >the Internet. What's the point of building security and robustness into a syst > >em > >when people choose not to turn it on? > > > > "Never attribute to malice what can be explained by incompetence". How do you tell the difference? There have been weird routing problems on the Net for a long time. Some have been large, and quickly fixed. Others have been small, and aren't fixed (as quickly). Some don't even cause problems, but route traffic through unusual places. There have been a few poison packets over the years which crashed alternate implementations. Although I still think the recovery mechanism was sometimes worse than the problem. I'll be stupid, and ask some questions I've always wondered about. Why should routes learned by eBGP have a higher priority than iBGP? Why should BGP implementations flap all good routes when they see a single bad route packet? Why don't SWIP forms include Origin-AS?