[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
BGP Security Research Question
- Subject: BGP Security Research Question
- From: sandy at tislabs.com (Sandra Murphy)
- Date: Tue, 4 Nov 2014 08:54:58 -0500
- In-reply-to: <CAJ8Xm184hP4dcpiy7syP-p_cBaO=mZaV2LQmqnGPyhdZwMNfMg@mail.gmail.com>
- References: <CAJDTUxOuQeBr2bS0sYJWkZWU7OJLb9+t50Rgccz=ZXx7OfxCGw@mail.gmail.com> <CAJ8Xm19Qw9aJd1JoQKrfJHOYRetqP8SDctxw6AMjW8iFNvqy8A@mail.gmail.com> <[email protected]> <CAJ8Xm184hP4dcpiy7syP-p_cBaO=mZaV2LQmqnGPyhdZwMNfMg@mail.gmail.com>
On Nov 4, 2014, at 8:45 AM, Yuri Slobodyanyuk <yuri at yurisk.info> wrote:
> Let me disagree - Pakistan Youtube was possible only because their uplink
> provider did NOT implement inbound route filters . As always the weakest
> link is human factor - and no super-duper newest technology is ever to help
> here .
One problem with route filters is that the protection relies on the place closest to the problem to detect the leak.
Further on in the network, not as effective.
> As regards to S-bgp/soBGP from technical point of view , wait for the day
> when the vulnerability gets published (SSL-heartbleed style) that
> invalidates all this PKI stuff â?¦
Or the IRRs on which the route filters are built. (No need for publication of a vulnerability. See recent msgs about already known problems with IRRs.)
--Sandy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20141104/9ffc2ba3/attachment.pgp>