[AusNOG] BGP injection / IP Hijacking / Peer Trust

Paul Brooks pbrooks-ausnog at layer10.com.au
Fri Aug 29 15:23:34 EST 2008


Edwin Groothuis wrote:
> Your SMTP servers don't allow relaying and have TLS enabled. Your
> DNS servers don't do recursion for unknown requestors and have DNSSEC
> enabled.
>
> The whois information for your domains and netblocks is up to date.
>
> Your BGP talker has properly defined who its neighbours are and has
> filters for incoming routes.
>   
.....

> So euhm... we're not there yet. But then we're only less than 20
> years in the game.
>   
20 years is a very rough average.
SMTP has been around for over 20 years, but TLS for less than 10. DNS 
has been around for over 20 years - but again, DNSSEC for less than 10.
WHOIS in various forms is over 20 years old - and while CRYPT-PW 
measures to protect against hijacking have been around for almost as 
long, we're still only now talking about adding real PKI for stronger 
protection (APNIC draft policy).

I wonder if we'll still be making the 'but we're only 40 years into the 
game' excuse in 20 years' time.

-- 
Paul Brooks               |         Mob +61 414 366 605
Layer 10 Advisory         |         Ph  +61 2 9402 7355
-------------------------------------------------------
Layer 10 - telecommunications strategy & network design



