ietf-asrg

Re: [Asrg] LMAP BOF - risk of BGP attacks compromising LMAP is significant

2004-02-11 12:11:35
On 2/10/2004 4:47 PM, Yakov Shafranovich sent forth electrons to convey:

Hallam-Baker, Phillip wrote:

Just to clarify some of my earlier comments.

I do think this is a serious issue. That does not mean I believe that the existing security mechanisms are entirely inadequate. It simply means that I think we should try to understand whether this is the case or not.


Is this threat any worse than all of the possible threats against DNS? If it is on the same level, then we should just mention both in the discussion document. That should be sufficient.

I think it's at least as bad, as we know BGP attacks of the kind we're discussing are occurring regularly in the wild, while I at least don't know that's the case for DNS attacks of the kind we're discussing (I know there are DNS attacks of other types, which don't concern us, occurring regularly). I think that's all we can do. Perhaps the SORBS folks could be asked what fraction of the lookups that are hits are hits in hijacked IP space. (I'm tempted to suggest that we suggest that a scoring system weigh listing in a DNSRBL of stolen IP space more heavily than an OK from LMAP, but won't; it's currently not in LMAP's scope.)

And the probability of small BGP attacks of the kind we're discussing is close to 1.


As for solutions, it might be something that the routing folks need to deal with. I am not sure if we have the mandate or the expertise to deal with it.

I agree, it's not for us to deal with.


Yakov

PHB wrote:

Far worse in that it brings down large parts of the Internet in the worst case - for real. The probability of it being realized is lower, the consequences are much higher.

Actually, the probability of BGP attacks that take over small parts of the Internet is close to 1 - it is going on now; see the link in my previous email - www.completewhois.com has long lists of bogons and hijacked IP subnets, many of them current, and some of them not so small - e.g. current /8 bogons, current /16 hijacks, and past /8 hijacks.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


