Hallam-Baker, Phillip wrote:
1) BGP Security Concerns
The primary security concern that needs to be addressed is the
incentive to hijack legitimate IP address blocks via BGP spoofing.
Is this the same IP spoofing issue being addressed in the end of this
message:
http://www1.ietf.org/mail-archive/working-groups/asrg/current/
msg08549.html
No. A BGP level attack is an attack on the Internet backbone, I simply
inject
fake routes into the system. BGP does not have much of an authentication
model
and that which it does have is not very good.
Are there any documents describing how this would happen? Can you
provide some links?
How easy is such attack to pull off? Would a spammer be more likely to
hijack a computer with its identity rather than steal an IP?
So far the only proposal to fix this is not at all credible. It would
require
new software on all the backbone routers at a minimum (not going to happen)
and it would probably require replacement in many cases.
Can you provide a link to this proposal?
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Among all our enemies / The ones to be most feared are often the
smallest" (Jean de la Fontaine)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg