On Thu, 2005-03-03 at 20:27 +1100, Geoff Huston wrote:
On 2005-03-02, at 19.38, James A. T. Rice wrote:
This seems to suggest that you are just picking ASns at random to inject into the paths, and that you don't have a set of ASs which you have the assignees permission to use.
Would't this then actually equate to resource hijacking along the lines of prefix hijacking? Who will be the first to hit the RIRs?
Isn't this a case of illustrating how easy it is to tell lies in BGP today? I don't see what hitting the RIRs has do to with this. The problem appears to be more basic than that - its just too easy to tell lies in BGP and get the lies propagated globally.
I am probably telling you what you already know, but for the ones who don't know it yet: Secure BGP (S-BGP): http://www.ir.bbn.com/projects/s-bgp/ http://www.nanog.org/mtg-0306/pdf/bellovinsbgp.pdf http://www.nwfusion.com/details/6484.html?def and of course the sister by amongst others Cisco: Secure Origin BGP (SO-BGP): http://bgp.potaroo.net/ietf/idref/ draft-ng-sobgp-bgp-extensions/ http://www.nwfusion.com/details/6485.html http://www.nanog.org/mtg-0306/pdf/alvaro.pdf etc... most people know how to google I guess ;) Aka BGP with certificates and other nice tricks. Greets, Jeroen