[NLNOG] Fw: celebrating 10 years of routing insecurity

Job Snijders job at ntt.net
Fri Aug 10 14:48:44 CEST 2018


FYI :-)

----- Forwarded message from Job Snijders <job at ntt.net> -----

Date: Fri, 10 Aug 2018 12:30:38 +0000
From: Job Snijders <job at ntt.net>
To: nanog at nanog.org
Subject: celebrating 10 years of routing insecurity

Dear all,

Today marks the 10th anniversary of the famous Kapela-Pilosov
Man-in-the-middle BGP attack! It is a fantastic and innovative attack
that would be worthy of referencing in the next Mr Robot season. :-)

    video: https://www.youtube.com/watch?v=S0BM6aB90n8
    slide: https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf

So, what is the state of routing security anno 2018?

It seems that as an industry we're on an upwards trajectory: various IRR
registries are locking themselves down to prevent creation of
unauthorized route(6) objects, new filter generation tools are becoming
available, RPKI based BGP Origin Validation is slowly seeing more and
more deployment, and the concept of blocking route announcements with
improbable AS_PATHs is gaining popularity as well.

Let's see where we are 10 years from now!

Kind regards,

Job

----- End forwarded message -----


More information about the NLNOG mailing list