I can think of one particular ISP's POP where the fiber comes into the building from a conduit that comes out of the ground, into a small metal box, and then into the front of the building. In front of this exposed conduit, a small bush was planted. At the time, I joked about how one well-placed shotgun blast from a car in the parking lot would be all it took to destroy most, if not all, of that building's connectivity. As an employee of one of the many companies who have service points at 25 Broadway, I think I'll stop joking about things like that. -C On Mon, Sep 17, 2001 at 04:11:26PM -0400, Daniel Golding wrote:
Gee, the only major ISP that uses MD5 for peering links is Verio. That what you were looking for, Randy? :)
Seriously, BGP session hijacking is the least of our worries. If you want to hit internet infrastructure, the points of weakness are obvious and physical. Car bombs at a dozen sites that we all know so well would be enough to seriously degrade internet communications, particularly if they were detonated near the fiber entrance facilities.
This underscores the previous concerns mentioned by some about the common colocation of private peering by major internet carriers. Looks a little riskier now, yes?
- Daniel Golding
-----Original Message----- From: Randy Bush [mailto:randy@psg.com] Sent: Monday, September 17, 2001 2:19 PM To: Daniel Golding Cc: nanog@merit.edu Subject: RE: What Worked - What Didn't
The big winners were cable TV, email, packet networks and IM applications. The big losers with cell phones, circuit switching, PSTN, non-akamized news sites.
no one went after the comms infrastructure. when they do, i suspect that we will find the internet is extremely vulnerable. how many folk even have md5 auth turned on their bgp peering sessions? what nievete!
randy