On Fri, 8 Mar 2002, Vadim Antonov wrote:
So, I would say I'm pro-OOB where it concerns clean confinement of control traffic into non-routable, unconditionally-prioritized frames, and contra-OOB when it comes to making separate networks for control traffic. Your definition of "separate network" may vary :)
Of course, like many things, security looks easy until you have to do it yourself. So I don't mean to suggest there are really any easy answers.

But I've been wondering about simple structural changes which would improve the intrinsic security of the net. For example, remember when BARRNET had the problem with people stealing passwords on their backbone. One simple change was removing general purpose computers which could be used as sniffers from their core router LANs. My simple question is why do exchange point prefixes or backbone network prefixes need to be announced to peers or customers? If no one announced IXP prefixes, it would be more difficult (modulo LSSR/SSSR) to send bogus packets at distant routing gateways. The attacker would need to be directly connected, or compromise something.

This has been something which has bugged me ever since I connected a router to mae-east. There is no "true" ASN for inter-provider network prefixes, yet the prefixes show up in the BGP tables via multiple providers. Private inter-ISP links aren't any better. They are frequently taken from some provider's internal space, and announced by a combination of providers. This isn't really OOB, but similar to your idea of not using a globally routable network to exchange routing information. It's not as difficult as making a 127/8 kludge. It's a small matter of not announcing prefixes used for BGP to your BGP peers (next-hop-self).
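One way to check whether your own outbound announcements violate the "don't announce the prefixes you peer over" idea described above, as an added example that is not part of the original message or thread. It goes slightly beyond the text: besides the IXP or link prefix itself and more-specifics of it, it also flags a covering aggregate, since that makes the infrastructure LAN reachable just the same. The infrastructure prefixes, the advertised-routes listing and its two-column layout are all constructed for the example.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Constructed infrastructure space (documentation ranges, hypothetical):
# an exchange-point peering LAN and a block used for backbone/inter-ISP links.
INFRA_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),     # hypothetical IXP peering LAN
    ipaddress.ip_network("198.51.100.0/24"),  # hypothetical inter-ISP link space
]

# Constructed listing of routes advertised to a peer, "prefix next-hop" per line.
SAMPLE_ADVERTISED = """\
203.0.113.0/24   203.0.113.1
192.0.2.0/24     203.0.113.1
198.51.100.0/23  203.0.113.1
"""


def parse_advertised(text: str) -> List[str]:
    """Pull the prefix column out of the constructed advertised-routes listing."""
    prefixes = []
    for line in text.splitlines():
        fields = line.split()
        if fields and "/" in fields[0]:
            prefixes.append(fields[0])
    return prefixes


def leaked_infra_announcements(
    announced: Iterable[str],
    infra: Iterable[ipaddress.IPv4Network] = INFRA_PREFIXES,
) -> List[Tuple[str, str, str]]:
    """Return (announced, infra, kind) for every announcement exposing infra space.

    kind is "exact" (the infra prefix itself), "more-specific" (a subnet of it)
    or "covering" (an aggregate that contains it and so makes it reachable).
    """
    flagged = []
    for a in announced:
        net = ipaddress.ip_network(a, strict=False)
        for i in infra:
            if net.version != i.version or not net.overlaps(i):
                continue
            kind = "exact" if net == i else ("more-specific" if net.subnet_of(i) else "covering")
            flagged.append((str(net), str(i), kind))
            break
    return flagged


def audit(text: str) -> List[Tuple[str, str, str]]:
    """Run the leak check over an advertised-routes listing."""
    return leaked_infra_announcements(parse_advertised(text))
```

Run the same check against what each peer actually receives from you, not just your intended filter, since the text's point is that these prefixes end up in the tables via several providers.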