North American Network Operators Group
BGP route filtering. You want it.
List,

[Apologies in advance for operational content. I don't mean to distract readers from the usual flamewars about rfc1918, bogon filtering, and some of our favorite posters - gadi and n3td3v.]

I'd like to give a heads-up to the NANOG community regarding the talk we recently gave at DEFCON. The slides can be found here:

http://eng.5ninesdata.com/~tkapela/iphd-2.ppt

In a nutshell, we demonstrated that current lack of secure filtering infrastructure not only permits DoS-like attacks, but also full "traffic monitoring" of arbitrary prefixes from essentially anywhere in the world.

None of this should come as a surprise to the NANOG and operationally-aware crowd - this has been discussed extensively previously before on-list, and extensively at conferences.

Additional novelty presented is the returning of traffic back to victim network over Internet (creative as-path prepends & loop detection) and obscuring the 'additional hops' this sort of thing creates with additive ttl.

Suggested additional reading below:

http://www.nanog.org/mtg-9802/yu.ppt
http://www.nanog.org/mtg-0010/ppt/tony.ppt
http://www.nanog.org/mtg-0010/ppt/danny.ppt
http://www.nanog.org/mtg-0206/ppt/security1.1.pdf
http://www.nanog.org/mtg-0501/pdf/tauber.pdf
http://www.nanog.org/mtg-0505/pdf/underwood.pdf
http://www.nanog.org/mtg-0510/pdf/deleskie.pdf
http://www.nanog.org/mtg-0602/pdf/boothe.pdf
http://www.nanog.org/mtg-0610/presenter-pdfs/massey.pdf
http://www.nanog.org/mtg-0806/presentations/wednesday/DanMcP_Route_Filter_Panel_N43.pdf
http://www.nanog.org/mtg-0806/presentations/sunday/BRGREEN_prefix_filtering_N43.ppt
http://www.renesys.com/tech/presentations/pdf/menog3-youtube.pdf
http://www.renesys.com/tech/presentations/pdf/nanog43-hijack.pdf

-Tk/P.