Gee, the only major ISP that uses MD5 for peering links is Verio. That what you were looking for, Randy? :) Seriously, BGP session hijacking is the least of our worries. If you want to hit internet infrastructure, the points of weakness are obvious and physical. Car bombs at a dozen sites that we all know so well would be enough to seriously degrade internet communications, particularly if they were detonated near the fiber entrance facilities. This underscores the previous concerns mentioned by some about the common colocation of private peering by major internet carriers. Looks a little riskier now, yes? - Daniel Golding -----Original Message----- From: Randy Bush [mailto:randy@psg.com] Sent: Monday, September 17, 2001 2:19 PM To: Daniel Golding Cc: nanog@merit.edu Subject: RE: What Worked - What Didn't
The big winners were cable TV, email, packet networks and IM applications. The big losers with cell phones, circuit switching, PSTN, non-akamized news sites.
no one went after the comms infrastructure. when they do, i suspect that we will find the internet is extremely vulnerable. how many folk even have md5 auth turned on their bgp peering sessions? what nievete! randy