[c-nsp] The Internet's Biggest Security Hole

Smales, Robert Robert.Smales at cw.com
Fri Aug 29 10:25:00 EDT 2008



> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Ziv Leyes
> Sent: 28 August 2008 08:12
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] The Internet's Biggest Security Hole
> 
> 
> I know this is not Cisco related, but it's of concern to every network 
> admin in general.
> http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
> 

'Kapela said eavesdropping could be thwarted if ISPs aggressively filtered to allow only authorized peers to draw traffic from their routers, and only for specific IP prefixes. But filtering is labor intensive, and if just one ISP declines to participate, it "breaks it for the rest of us," he said.

"Providers can prevent our attack absolutely 100 percent," Kapela said. "They simply don't because it takes work, and to do sufficient filtering to prevent these kinds of attacks on a global scale is cost prohibitive."'

But

'. . . For this, Kent and BBN colleagues developed Secure BGP (SBGP), which would require BGP routers to digitally sign with a private key any prefix advertisement they propagated. An ISP would give peer routers certificates authorizing them to route its traffic; each peer on a route would sign a route advertisement and forward it to the next authorized hop.'

And this is going to be less hassle than using RTConfig or a similar script to rebuild your prefix filters a couple of times a day?

Robert

Robert Smales                                                
IP Provide Engineer
Cable&Wireless Europe, Asia & US
www.cw.com                              
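
The prefix-filter rebuild that the reply refers to, as an added example (not part of the original post and not RTConfig's own code): it parses IRR route objects, renders an exact-match Cisco prefix-list per peer, and classifies received announcements against it. The route objects, AS numbers and prefix-list name are constructed, and treating each peer as announcing only its own origin AS is a simplifying assumption.

```python
import ipaddress

# Constructed sample IRR data (RPSL route objects): documentation prefixes and
# private-use AS numbers, not real registry contents.
IRR_DUMP = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64500

route:   203.0.113.0/24
origin:  AS64501
"""

def parse_route_objects(text):
    """Return {origin_as: [ip_network, ...]} from RPSL route objects."""
    allowed = {}
    for block in text.strip().split("\n\n"):
        attrs = dict(line.split(":", 1) for line in block.splitlines() if ":" in line)
        net = ipaddress.ip_network(attrs["route"].strip())
        allowed.setdefault(attrs["origin"].strip().upper(), []).append(net)
    return allowed

def covers(authorized, net):
    """True if net equals or is a more-specific of the authorized prefix."""
    return authorized.version == net.version and net.subnet_of(authorized)

def prefix_list(name, nets):
    """Render an exact-match Cisco IOS prefix-list (no ge/le) for one peer."""
    return [f"ip prefix-list {name} seq {5 * i} permit {n}"
            for i, n in enumerate(sorted(nets), start=1)]

def check_announcement(allowed, peer_as, prefix):
    """Classify a prefix received from peer_as against that peer's filter."""
    net = ipaddress.ip_network(prefix)
    own = allowed.get(peer_as, [])
    if net in own:
        return "accept"
    if any(covers(a, net) for a in own):
        return "reject: more-specific of an authorized prefix"
    for asn, nets in allowed.items():
        if any(covers(a, net) for a in nets):
            return f"reject: registered to {asn}"
    return "reject: not registered"
```
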
 


