> The second major area of concern I have about this proposal is the
> transitive nature of the bgp community. The issue is that the draft
> specifies a mechanism to cause traffic to be dropped on the floor,
> that the signaling mechanism is globally transitive in scope, and the
> specific intent is that prefixes tagged in this way are exported to
> other ASNs. In other words, the draft specifies behaviour that is
> risky by default.

risky? this is a disastrous vulnerability large enough to handle a
very large truck.

we really do not need a global mechanism by which an attacker can spoof
a bgp announcement of someone's prefixes and cause traffic to the
specified address space(s) to be discarded on a significant portion of
the internet.

until bgp announcements can be rigorously authenticated, this is a
disaster waiting to happen. and it will not wait long.

randy