
RE: [Asrg] Re: Documents for LMAP BOF

2004-02-08 19:34:13

Are there any documents describing how this would happen? Can you 
provide some links?

I'll have to search to see if I can find a good intro.

The basic problem is someone puts a router onto the backbone and then
advertises a BGP route for net 18 (MIT) say with a low cost. This is then
advertised to all the neighboring nodes and all traffic goes to that node
until someone finds out.

A second attack would be to compromise an existing router.

How easy is such an attack to pull off? Would a spammer be more likely to
hijack a computer with its identity rather than steal an IP?

It is very easy to do - once. It is probably quite difficult to keep your
network connection if you repeatedly inject malicious BGP data. At present
the attack is usually only made on net blocks that are not in use. This is
where the spam from unallocated address blocks comes from.

It has even been done accidentally; ask Jeff Schiller about the time net 18
really was re-routed to some guy's porn site running over a dialup.


The big issue is how much of a problem this is likely to be. How many
routers are likely to be cracked? How easy is it to do without getting
traced?

The questions you ask are really the ones I want an answer to. Is it likely
that SPF will encourage much of this sort of thing when it deploys? What can
be done to remediate it?

I am not going to accept the answer 'don't deploy SPF'. We should secure
BGP, it is an accident waiting to happen in any case.


So far the only proposal to fix this is not at all credible. It would require
new software on all the backbone routers at a minimum (not going to happen)
and it would probably require replacement in many cases.


Can you provide a link to this proposal?

Steve Kent, secure BGP
http://www.nwfusion.com/details/6484.html
Note the start date 1996 - this is the one I don't like at all.

Ah, but see this link though
http://www.nwfusion.com/details/6485.html
soBGP does look like it could work. 
http://www.cisco.com/warp/public/759/ipj_6-3/ipj_6-3_bgp2.html

This draft came out since I looked last. It does have the endorsement that
is needed.

I will have to read through and see if it works for SPF/CallerID. 

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
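
A defender's view of the cases described in the message above (a foreign origin announcing net 18, and announcements for address space nobody is using), as an added example that is not part of the original post. It checks received announcements against a table of registered blocks and their expected origin AS; the table, the AS numbers (documentation range) and the sample announcements are constructed, and this is a plain lookup, not S-BGP or soBGP.

```python
import ipaddress

# Constructed sample data (not from the original message). ASNs come from the
# documentation range; "net 18" is the block the message uses as its example.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("18.0.0.0/8"): 64500,
    ipaddress.ip_network("192.0.2.0/24"): 64501,
}

# (announced prefix, AS path as received); the origin AS is the last element.
ANNOUNCEMENTS = [
    ("18.0.0.0/8", [64510, 64500]),       # registered block, expected origin
    ("18.0.0.0/8", [64511]),              # same block, different origin
    ("18.26.0.0/16", [64510, 64500]),     # more-specific carved out of net 18
    ("198.51.100.0/24", [64510, 64509]),  # block with no registration entry
]


def covering_entry(prefix):
    """Return the most specific registered block containing prefix, or None."""
    matches = [n for n in EXPECTED_ORIGINS
               if n.version == prefix.version and prefix.subnet_of(n)]
    return max(matches, key=lambda n: n.prefixlen, default=None)


def classify(prefix_text, as_path):
    """Classify one announcement against the registration table."""
    prefix = ipaddress.ip_network(prefix_text)
    origin = as_path[-1]
    entry = covering_entry(prefix)
    if entry is None:
        return "unregistered-space"       # the unused-block case in the message
    if origin != EXPECTED_ORIGINS[entry]:
        return "origin-mismatch"          # someone else claims the block
    if prefix.prefixlen > entry.prefixlen:
        return "unexpected-more-specific" # wins longest-prefix match if accepted
    return "ok"


def audit(announcements):
    """Return (prefix, origin AS, verdict) for every announcement."""
    return [(p, path[-1], classify(p, path)) for p, path in announcements]


if __name__ == "__main__":
    for prefix, origin, verdict in audit(ANNOUNCEMENTS):
        print(f"{prefix:<18} origin AS{origin:<6} {verdict}")
```
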
