On 4 Nov 2014, at 10:57, Anthony Weems wrote:
I'm a student in college learning about networking and, specifically, BGP. Does anyone have any statistics on the use of S-BGP or soBGP in the wild?
Take a look at rPKI.
Additionally, do people scan BGP speakers in the same sense that researchers perform scans of the Internet (e.g. zmap)?
Everything on the Internet is scanned (or, at least attempts to scan everything on the Internet are made), constantly. If network operators have configured their BGP speakers properly, with BCPs such as iACLs and GTSM, then they can't be touched by anything except configured peers. TCP/179 scanning of BGP speakers which haven't implemented the BCPs isn't generally going to return much in the way of useful results beyond identifying the BGP speakers themselves, as the scanners aren't configured as peers (it may be possible to fingerprint some BGP speakers via scanning a la nmap or zmap or masscan, perhaps someone else can comment on this). That being said, attackers will scan routers that they're interested in DDoSing or subverting; implementing the relevant BCPs is strongly recommended. Networks which haven't implemented the BCPs sometimes find their BGP peering sessions disrupted via DDoS attacks against the routers themselves; SYN-floods and the like against TCP/179 are sometimes used to disrupt BGP sessions in such scenarios, for example. Aggressive scanning per the above against BGP speakers which haven't implemented the BCPs could result in inadvertent disruption of BGP sessions. ----------------------------------- Roland Dobbins <rdobbins@arbor.net>