For detection, there are a few solutions, but mostly it's just monitoring the route table for your specific routes and being alerted when things change. For prevention there are things like RPKI (https://www.arin.net/resources/rpki/index.html) that can help. There are a few other possibilities as well, each with their own pros and cons and various cases of weakness. RPKI seems to be the current favorite and most widely supported. Well, by vendors at least...

--chip

On Thu, Aug 1, 2013 at 10:00 AM, Shah, Parthiv <Parthiv.Shah@theclearinghouse.org> wrote:
My apology if I am asking for a repeat question on the list. On 7/29/13 I read an incident about accidental BGP broadcast; see article here https://isc.sans.edu/diary/BGP+multiple+banking+addresses+hijacked/16249 or older 2008 incident http://www.renesys.com/2008/02/pakistan-hijacks-youtube-1/
My questions:
1) I would like to understand how can we detect and potentially prevent activities like this? I understand native BGP was not designed to authenticate IP owners to the BGP broadcaster. Therefore, issues like this due to a human error would happen. How can activities like this be detected as this is clearly a threat if someone decides to broadcast IP networks of an organization and knock the real org. off the Net.
2) In reference to prevention, I recall there were discussions about secure BGP (S-BGP), Pretty Good BGP, or Secure Original BGP but I don't remember if any one of them was finalized (from practicality viewpoint) and if any one of them is implementable/enforceable by ISPs (does anyone have any insight)?
3) If I was to ask for an opinion, from your viewpoint which one is better and why and which one is not doable and why not?
Thank you in advance, Parthiv
-- Just my $.02, your mileage may vary, batteries not included, etc....
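
Added example, not part of the original thread: a sketch of the monitoring the reply describes, checking observed announcements against a baseline of your own prefixes, with a maximum-length check in the spirit of RPKI origin validation. The prefixes, AS numbers, baseline format and sample feed are constructed (documentation and private-use ranges), and the origin is assumed to be the last AS in a plain AS path.

```python
import ipaddress

# Constructed baseline: (prefix we originate, expected origin AS, longest
# prefix length we ever announce). Documentation prefixes, reserved ASNs.
BASELINE = [
    ("192.0.2.0/24", 64500, 24),
    ("198.51.100.0/24", 64500, 24),
]

def classify(prefix, as_path, baseline=BASELINE):
    """Return (verdict, covering baseline prefix) for one observed announcement."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # assumption: plain AS_SEQUENCE, origin is the last hop
    for base, asn, max_len in baseline:
        mine = ipaddress.ip_network(base)
        # Only announcements equal to or inside one of our prefixes matter here.
        if net.version != mine.version or not net.subnet_of(mine):
            continue
        if origin != asn:
            # Someone else originates our space; a more specific wins on
            # longest-prefix match, so it is reported separately.
            kind = "ORIGIN_CHANGE" if net == mine else "MORE_SPECIFIC_WRONG_ORIGIN"
            return (kind, base)
        if net.prefixlen > max_len:
            # Right origin, but longer than anything we announce on purpose.
            return ("UNEXPECTED_MORE_SPECIFIC", base)
        return ("OK", base)
    return ("NOT_MONITORED", None)

def alerts(updates):
    """Return alert tuples for every announcement that deviates from the baseline."""
    out = []
    for prefix, as_path in updates:
        verdict, base = classify(prefix, as_path)
        if verdict not in ("OK", "NOT_MONITORED"):
            out.append((verdict, prefix, as_path[-1], base))
    return out

# Constructed sample feed of (prefix, AS path) as seen from a route collector.
UPDATES = [
    ("192.0.2.0/24", [64510, 64500]),       # expected announcement
    ("192.0.2.0/24", [64510, 64666]),       # same prefix, different origin
    ("198.51.100.128/25", [64511, 64666]),  # more specific, different origin
    ("198.51.100.0/25", [64510, 64500]),    # our origin, longer than baseline
    ("203.0.113.0/24", [64511, 64999]),     # not one of our prefixes
]

if __name__ == "__main__":
    for alert in alerts(UPDATES):
        print(alert)
```
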