Information about Comvalid BGPsentinel

Published on October 7, 2007

Author: Techy_Guy


BGPsentinel

AS/BGP
- The Internet is composed of 20,000 autonomous systems (ASes).
- ASes exchange route advertisements using BGP.

BGP assumptions
- Each AS announces only those prefixes for which it is responsible.
- The source of a BGP update has the authority to announce the prefix.
- The announced AS path is correct.
- TCP provides a secure transmission between BGP peers.

BGP problem
- BGP assumes that the routes advertised by neighboring nodes are correct.
- What if this assumption is violated? An AS propagates spurious routes to a neighbor!

BGP threats
- Configuration error
- Fraudulent origination
- Fraudulent modification
- Compromised routers
- Routing by miscreants
- Packet sniffing and injection

BGP attacks
- What are the effects of attacks?
- Drop packets and render a destination unreachable
- Eavesdrop on the traffic to a given destination
- Impersonate the destination

BGP threat mitigation
- IPsec for secure point-to-point sessions between BGP speakers
- Implement RFC 2385 MD5 validation of TCP sessions; an optional extension is BGP MD5
- Handle inter-AS validation of routes
- Filters to ensure your neighbors only announce their own space (RFC 2827)
- sBGP and soBGP extensions of the protocol

Why bother?
- A lot of deployed BGP routers use no mitigation criteria.
- Router misconfigurations are a common occurrence.
- Two major outages already happened: in 1997 (AS7007) and 2001 (Nimda).
- Router break-ins also occur regularly; many routers have open telnet interfaces.
- "Evil" effects of a compromised node: impersonation of your systems.

Causes and Effects
(diagram: Cause -> Effect)

BGPsentinel goals
- Verify the correctness of BGP routes for your networks and ASes over the Internet.
- Alarm you in order to minimize the harmful effects of spurious updates.
- No impact on the routers: it works as an external service and requires no configuration changes.

Conclusion
- Causes identified for spurious route advertisements: misconfigurations, malicious behavior.
- Harmful effects: blackhole, impersonation, eavesdropping.
- Remedies: constant checking by BGPsentinel for immediate alarm and remedy action.
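The kind of check the goals slide describes (verify that routes for your prefixes are originated by your AS, and alarm otherwise) can be illustrated with a small origin monitor. This is an added example in Python, not Comvalid's code; the prefixes, AS numbers and update feed are constructed.

```python
"""Toy BGP origin monitor: flags updates whose origin AS is not the registered
owner of a monitored prefix, including more-specific (sub-prefix) announcements.
Catches fraudulent origination; it does not validate the rest of the AS path."""
import ipaddress
from typing import NamedTuple


class Update(NamedTuple):
    prefix: str       # announced prefix as seen by a route collector
    as_path: tuple    # AS path, origin AS last (prepending is fine)


# Constructed table of the prefixes we are responsible for and the AS that
# should originate them (hypothetical documentation prefixes and ASNs).
EXPECTED_ORIGIN = {
    ipaddress.ip_network("192.0.2.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64500,
}


def classify(update: Update) -> str:
    """Return 'ok', 'origin-mismatch', 'more-specific-hijack' or 'unmonitored'."""
    net = ipaddress.ip_network(update.prefix)
    origin = update.as_path[-1]
    for monitored, owner in EXPECTED_ORIGIN.items():
        if net.version != monitored.version:   # subnet_of() rejects mixed families
            continue
        if net == monitored:
            return "ok" if origin == owner else "origin-mismatch"
        if net.subnet_of(monitored):           # a sub-prefix wins longest-match
            return "ok" if origin == owner else "more-specific-hijack"
    return "unmonitored"


def alarms(updates):
    """Return (prefix, origin AS, verdict) for each update that needs an alarm."""
    out = []
    for u in updates:
        verdict = classify(u)
        if verdict not in ("ok", "unmonitored"):
            out.append((u.prefix, u.as_path[-1], verdict))
    return out


# Constructed sample feed: one legitimate route, one wrong origin, one
# more-specific announcement from a foreign AS, one prefix we do not monitor.
SAMPLE = [
    Update("192.0.2.0/24", (64496, 64497, 64500)),
    Update("192.0.2.0/24", (64496, 64511)),
    Update("198.51.100.128/25", (64496, 64498, 64499)),
    Update("203.0.113.0/24", (64496, 64501)),
]
```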

