[AusNOG] FYI : Attackers are accessing routers running on the border gateway protocol (BGP) and injecting additional hops
Luke Iggleden
luke+ausnog at sisgroup.com.au
Mon Nov 25 08:18:50 EST 2013
On 24/11/2013 8:45 pm, Dobbins, Roland wrote:
>
> On Nov 24, 2013, at 4:26 PM, Daniel Hood <dsmhood at gmail.com> wrote:
>
>> What's the easiest way one could monitor their netblocks to make sure there is no funny business going on in their paths?
>
> BGPMon, as Scott Howard noted, and Renesys are both good services, and there are others, as well.
>
These services undoubtedly are good for detection, but by the time you
get in contact with $insert_isp to get a prefix withdrawn, the damage is
already done.

It still amazes me after all these years that large backbone networks
trust smaller BGP peers with open filters.

There are many ways to automate filters; why don't they implement them?

My bet is that until it costs them x (due to legal or direct attack),
they don't want to spend x (in prevention). Sounds like a typical
security scenario to me.
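
One way the automated peer filtering mentioned above can work, as an added example that is not part of the original post: build a per-peer allowlist from registered route objects and test each received announcement against it. The route objects, prefixes and AS numbers are constructed from documentation ranges, and the function names and maximum prefix lengths are assumptions.

```python
import ipaddress

# Constructed RPSL-style route objects for one hypothetical customer peer.
# Prefixes and ASNs are documentation values (RFC 5737, RFC 3849, RFC 5398).
IRR_DUMP = """\
route:   192.0.2.0/24
origin:  AS64496

route:   198.51.100.0/24
origin:  AS64497

route6:  2001:db8::/32
origin:  AS64496
"""

# Assumed policy: accept more-specifics of a registered route up to these lengths.
MAX_LEN = {4: 24, 6: 48}

def parse_route_objects(text):
    """Return [(network, origin_asn)] from route/route6 + origin pairs."""
    entries, current = [], None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key in ("route", "route6"):
            current = ipaddress.ip_network(value)
        elif key == "origin" and current is not None:
            entries.append((current, int(value.upper().removeprefix("AS"))))
            current = None
    return entries

def check_announcement(prefix, as_path, allowed):
    """Decide whether a peer's announcement passes the generated filter."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen > MAX_LEN[net.version]:
        return "reject: longer than /%d" % MAX_LEN[net.version]
    if not as_path:
        return "reject: empty AS path"
    origin = as_path[-1]  # the origin AS is the last hop in the path
    covering = [o for r, o in allowed
                if r.version == net.version and net.subnet_of(r)]
    if not covering:
        return "reject: prefix not registered for this peer"
    if origin not in covering:
        return "reject: origin AS%d not registered" % origin
    return "accept"
```

Regenerating the allowlist on a schedule from the registry keeps the filter current without opening it up by hand.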