Let me disagree - Pakistan Youtube was possible only because their uplink provider did NOT implement inbound route filters . As always the weakest link is human factor - and no super-duper newest technology is ever to help here . As regards to S-bgp/soBGP from technical point of view , wait for the day when the vulnerability gets published (SSL-heartbleed style) that invalidates all this PKI stuff ... Yuri On Tue, Nov 4, 2014 at 2:38 PM, <sthaug@nethelp.no> wrote:
In real life people use - bgp ttl security, md5 passwords, control plane protection of 179 port, inbound/outbound routes filters. So far this has been enough.
These mechanisms do little or nothing to protect against unauthorized origination of routing information. There are plenty of examples which say it has *not* been enough, see for instance the Pakistan Telecom - Youtube incident in 2008.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
-- Taking challenges one by one. http://yurisk.info