1) I would like to understand how can we detect and potentially
-----Original Message----- From: Shah, Parthiv [mailto:Parthiv.Shah@theclearinghouse.org] Sent: Thursday, August 01, 2013 9:00 AM To: nanog@nanog.org Subject: BGP related question prevent activities like this? I understand native BGP was not design to authenticate IP owners to the BGP broadcaster. Therefore, issues like this due to a human error would happen. How >can activities like this be detected as this is clearly a threat if someone decides to broadcast IP networks of an organization and knock the real org. off the Net. The most basic short answer would be use of proper filtering and LOAs. Transit providers should be checking whether or not customers have permission to act as a transit provider for prefixes or originate the prefixes not registered to them by the RIRs. If every operator would have controls in place to ensure folks are originating the routes they are supposed to then you wouldn't have a problem. However, it seems the best course of action is to implement "checks and balances" internally to each organization which usually prevents all together or mitigate things as much as possible. Human error is inevitable. We have outside monitoring (bgpmon) for our prefixes.
2) In reference to prevention, I recall there were discussions about secure BGP (S-BGP), Pretty Good BGP, or Secure Original BGP but I don't remember if any one of them was finalized (from practicality viewpoint) and if any one of them is >implementable/enforceable by ISPs (do anyone have any insight)?
If I had to pick one based on practicality it would be secure original BGP. You can create a fairly secure BGP session by using multiple mechanisms (prefix lists/filters/routemaps, password, iACL, TTL-security, AS limits etc.) However, there are caveats to anything.