On Thursday, 11 July, 2024 07:23, "Hank Nussbacher" <hank@efes.iucc.ac.il> said:
[ https://www.kentik.com/blog/dissecting-the-fccs-proposal-to-improve-bgp-secu... ]( https://www.kentik.com/blog/dissecting-the-fccs-proposal-to-improve-bgp-secu... )
As a not-security person trying to get to grips with this, am I mis-understanding the type of attack that this is pushing to mitigate? My current understanding: -Bad guys announce space for Facebook / Amazon / banks / whatever -Some traffic for high-value destinations gets diverted to Bad Guys -Bad Guys do Bad Things By focusing on BIAS-providers to secure *their own* routes, aren't you stopping the Bad Guys from hijacking eyeball space, rather than high-value destination space? Is there a useful attack vector where the return traffic from Facebook to my residential CPE is diverted via the Bad Guys? My instinct is that the quick win comes from high-value targets (or their ISPs) *generating* ROA, and ensuring that the BIAS providers are *validating* (ROV) that their customer traffic is going to the "real" Facebook. I'm struggling with how much issuing ROAs for residential broadband ranges helps with this particular problem, and why - any free clues or pointers to reading gratefully received. Thanks, Tim.