[AusNOG] BGP injection / IP Hijacking / Peer Trust

Jason Sinclair Jason.Sinclair at staff.pipenetworks.com
Thu Aug 28 12:49:32 EST 2008


I am not sure this is just a peering issue - traffic hijacking can occur
"legitimately" and has in the past when large O/S networks (non-peer)
make a "mistake". I think for this to be resolved completely some level
of route to AS verification needs to be able to be performed on the fly
(as is indicated as one approach in the articles). Filtering of course
is another manual approach, however the validity of routes being
advertised would need to be checked.

Jason

________________________________

From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Sean K. Finn
Sent: Thursday, 28 August 2008 11:28 AM
To: ausnog at ausnog.net
Subject: [AusNOG] BGP injection / IP Hijacking / Peer Trust

Hi All,

http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html

There seems to be some publicity about hijacking others' IP ranges with
BGP to snoop/sniff/intercept traffic.

Now, of course this is a known thing, and thankfully doesn't happen too
much in Australia, but I've noticed one thing from the flamewar that
starts with the comments at the end of this article.

It appears that one can rent a server or two, link into peering fabric
at several points in the U.S., and announce just about anyone's range to
intercept traffic then re-broadcast it.

Effectively placing themselves inside a trusted portion of the network
where no filtering on announcements is done.

When the Big G, Google, presented at AUSNOG2 and stated that they were
looking to form unilateral peering and declined to comment on
multilateral peering, and suddenly, after reading this article, it began
to make sense.

Do you trust your PEERS at a multi-lateral peering point? Obviously for
some, the answer is no.

Thankfully here in Aus most players know most other players that are
peering or announcing on WAIX, PIPE, Equinix etc, so it's not such a big
deal with random elements hooking in and sniffing our traffic if they
manage to be able to advertise our IP ranges.

My question / comments / ponderings to the list are really

- What's more trustworthy, a carrier unilateral peering relationship,
unilateral peering, multilateral peering?

If Multilateral peering is shaping up to being such a trust issue, does
anyone have any comment or suggestions on how we can *maintain* the
trust of the current state of peering in Australia so that we are not
affected by this scourge in the future?

I'm just throwing it out there.

Cheers,

Sean K Finn.
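
The "route to AS verification" and announcement filtering raised in the reply above, sketched as an added example that is not code from either poster. It assumes a table of registered (prefix, maximum length, origin AS) entries and uses the valid / invalid / not-found outcomes of prefix origin validation (RFC 6811), which the thread does not name; all prefixes and AS numbers are constructed from documentation ranges.

```python
import ipaddress

# Constructed authorisation table: (prefix, max_length, origin_as).
# Documentation prefixes and documentation ASNs, not real allocations.
AUTHORISED = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),
]

def validate(prefix, origin_as, table=AUTHORISED):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for auth_prefix, max_len, auth_as in table:
        auth = ipaddress.ip_network(auth_prefix)
        if route.version != auth.version or not route.subnet_of(auth):
            continue
        covered = True  # some registration covers this address space
        if route.prefixlen <= max_len and origin_as == auth_as:
            return "valid"
    # Covered but no entry matches: wrong origin AS or too specific.
    return "invalid" if covered else "not-found"

def filter_announcements(announcements, table=AUTHORISED):
    """Split (prefix, origin_as) pairs into accepted and rejected lists.

    Policy assumed here: reject 'invalid', accept 'valid' and 'not-found'.
    """
    accepted, rejected = [], []
    for prefix, origin_as in announcements:
        state = validate(prefix, origin_as, table)
        target = rejected if state == "invalid" else accepted
        target.append((prefix, origin_as, state))
    return accepted, rejected

# Constructed announcements as they might arrive over a peering session.
SAMPLE = [
    ("192.0.2.0/24", 64500),       # registered holder
    ("192.0.2.0/24", 64510),       # same prefix, different origin AS
    ("192.0.2.128/25", 64500),     # more specific than registered max length
    ("198.51.100.128/25", 64501),  # more specific, within max length
    ("203.0.113.0/24", 64502),     # no registration covers it
]

if __name__ == "__main__":
    ok, bad = filter_announcements(SAMPLE)
    for entry in ok + bad:
        print(entry)
```

The third sample row is the case manual prefix filters often miss: the origin AS is the registered one, but the announcement is more specific than the registration allows, so it would win on longest-prefix match if accepted.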
