[AusNOG] BGP injection / IP Hijacking / Peer Trust
Paul Brooks
pbrooks-ausnog at layer10.com.au
Fri Aug 29 11:13:57 EST 2008
Edwin Groothuis wrote:
>
> Your SMTP servers don't allow relaying and have TLS enabled. Your
> DNS servers don't do recursion for unknown requestors and has DNSSec
> enabled.
>
> The whois information for your domains and netblocks is up to date.
>
> Your BGP talker has properly defined who its neighbours are and has
> filters for incoming routes.
>
.....
> So euhm... we're not there yet. But then we're only less than 20
> years in the game.
>
As a very rough average.
SMTP has been around for over 20 years, but TLS for less than 10. DNS
has been around for over 20 years - but again, DNSSEC for less than 10.
WHOIS in various forms is over 20 years old - and while CRYPT-PW
measures to protect against hijacking have been around for almost as
long, we're still now talking about adding real PKI for stronger
protection (APNIC draft policy).
I wonder if we'll still be making the 'but we're only 40 years into the
game' excuse in 20 years time.
--
Paul Brooks | Mob +61 414 366 605
Layer 10 Advisory | Ph +61 2 9402 7355
-------------------------------------------------------
Layer 10 - telecommunications strategy & network design
More information about the AusNOG
mailing list