[lacnog] Fwd: What to do about BGP Hijacks

Carlos M. Martinez carlosm3011 en gmail.com
Mar Dic 19 11:46:03 BRST 2017


Lectura interesante.

Forwarded message:

> From: Job Snijders <job en ntt.net>
> To: nanog en nanog.org
> Subject: What to do about BGP Hijacks
> Date: Thu, 14 Dec 2017 05:45:57 +0000
>
> Some carriers view measures to improve routing security as a 
> hinderance
> rather than as a safeguard to enable business. The BGP protocol itself 
> has
> no inherent safety mechanisms, so the network operator has to ensure
> adequate layers of protection are implemented on the boundary between 
> their
> own network and the Internet.
>
> Normalcy bias may play a role, I see carriers target short term gain 
> by
> heavily relying on the assumption that there will never be any
> misconfigurations or malicious attacks. Of course yesterday’s 
> incident
> shows otherwise.
>
> For many networks the topic of routing security becomes a priority, 
> only
> after they've suffered the consequences of an incident.
>
> In the long term, the best way to protect against this type of BGP
> hijacking is to require your connectivity suppliers to implement 
> relevant
> security measures. Also require full incident reports after BGP 
> hijacks
> through your provider or IXP have been observed.
>
> The moment it becomes socially unacceptable to operate an Internet 
> network
> without adequate protections in place, there is economic incentive to 
> view
> routing security efforts as a competitive advantage rather than a 
> nuisance.
>
> Consider voting with your wallet, this applies to both IP transit 
> carriers
> and IXP route server operators. Ask your suppliers what they are doing 
> to
> prevent BGP hijacks.
>
> Ars Technica has a great write-up on the latest BGP hijacking 
> incident:
> https://arstechnica.com/information-technology/2017/12/suspicious-event-routes-traffic-for-big-name-sites-through-russia/
>
> This MANRS article is on point as well:
> https://www.manrs.org/2017/12/another-bgp-routing-incident-highlights-an-internet-without-checkpoints/
>
> Kind regards,
>
> Job


Más información sobre la lista de distribución LACNOG