BGP route filtering. You want it.
List,

[Apologies in advance for operational content. I don't mean to distract
readers from the usual flamewars about rfc1918, bogon filtering, and
some of our favorite posters - gadi and n3td3v.]

I'd like to give a heads-up to the NANOG community regarding the talk
we recently gave at DEFCON.

The slides can be found here: http://eng.5ninesdata.com/~tkapela/iphd-2.ppt

In a nutshell, we demonstrated that current lack of secure filtering
infrastructure not only permits DoS-like attacks, but also full
"traffic monitoring" of arbitrary prefixes from essentially anywhere
in the world.

None of this should come as a surprise to the NANOG and
operationally-aware crowd - this has been discussed extensively
previously before on-list, and extensively at conferences. Additional
novelty presented is the returning of traffic back to victim network
over Internet (creative as-path prepends & loop detection) and
obscuring the 'additional hops' this sort of thing creates with
additive ttl.

Suggested additional reading below:

http://www.nanog.org/mtg-9802/yu.ppt
http://www.nanog.org/mtg-0010/ppt/tony.ppt
http://www.nanog.org/mtg-0010/ppt/danny.ppt
http://www.nanog.org/mtg-0206/ppt/security1.1.pdf
http://www.nanog.org/mtg-0501/pdf/tauber.pdf
http://www.nanog.org/mtg-0505/pdf/underwood.pdf
http://www.nanog.org/mtg-0510/pdf/deleskie.pdf
http://www.nanog.org/mtg-0602/pdf/boothe.pdf
http://www.nanog.org/mtg-0610/presenter-pdfs/massey.pdf
http://www.nanog.org/mtg-0806/presentations/wednesday/DanMcP_Route_Filter_Panel_N43.pdf
http://www.nanog.org/mtg-0806/presentations/sunday/BRGREEN_prefix_filtering_N43.ppt
http://www.renesys.com/tech/presentations/pdf/menog3-youtube.pdf
http://www.renesys.com/tech/presentations/pdf/nanog43-hijack.pdf

-Tk/P.
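
A minimal sketch of the per-peer prefix filtering the subject line argues for, added here as an illustration; it is not part of the original post or the talk. The filter table, AS numbers, prefixes and function names are all constructed (documentation ranges), and the maximum-length and origin checks are assumptions about what such a filter would enforce.

```python
import ipaddress

# Constructed filter table: peer AS -> [(registered prefix, max accepted length, origin AS)].
# Prefixes are documentation ranges and AS numbers are documentation ASNs (all hypothetical).
FILTERS = {
    64500: [("192.0.2.0/24", 24, 64500), ("198.51.100.0/24", 25, 64500)],
    64501: [("203.0.113.0/24", 24, 64501)],
}

def evaluate(peer_as, prefix, as_path, filters=FILTERS):
    """Return (accepted, reason) for one announcement received from peer_as."""
    net = ipaddress.ip_network(prefix)
    if not as_path or as_path[0] != peer_as:
        return False, "leftmost AS is not the peer"
    for registered, max_len, origin in filters.get(peer_as, []):
        reg = ipaddress.ip_network(registered)
        if net.version != reg.version or not net.subnet_of(reg):
            continue
        if net.prefixlen > max_len:
            return False, "more specific than registered maximum length"
        if as_path[-1] != origin:
            return False, "unexpected origin AS"
        return True, "matches registered prefix"
    return False, "prefix not registered for this peer"

def rejected(announcements, filters=FILTERS):
    """Return the announcements the filter would drop, with the reason for each."""
    out = []
    for peer_as, prefix, as_path in announcements:
        ok, reason = evaluate(peer_as, prefix, as_path, filters)
        if not ok:
            out.append((peer_as, prefix, reason))
    return out

# Constructed sample announcements: (peer AS, prefix, AS path as received).
SAMPLE = [
    (64500, "192.0.2.0/24", [64500]),
    (64500, "198.51.100.128/25", [64500]),
    (64500, "198.51.100.192/26", [64500]),
    (64500, "203.0.113.0/24", [64500]),
    (64501, "203.0.113.0/24", [64501, 64500]),
]

if __name__ == "__main__":
    for row in rejected(SAMPLE):
        print(row)
```
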
Re: BGP route filtering. You want it.
I really enjoyed it! Rerouting all of Defcon's traffic thru NY was a nice touch. Hopefully the additional awareness of this will help progress toward getting the issues fixed. Good job!

-bb


----- Original Message -----
From: "Anton Kapela" [tkapela@gmail.com]
Sent: 08/11/2008 01:47 PM MST
To: nanog@nanog.org
Subject: BGP route filtering. You want it.



Re: BGP route filtering. You want it.
URL works again. I had uploaded an edited version of the talk, but
forgot to rename it. It's probably good that only a few of you saw the
original, as it wasn't quite the 'professional' text that I'd
typically write. Permissible and desired presentation formats and
language at DEFCON don't have parallels in this venue.

Best,

-Tk
Re: BGP route filtering. You want it.
Anton Kapela wrote:
> URL works again. I had uploaded an edited version of the talk, but
> forgot to rename it. It's probably good that only a few of you saw the
> original, as it wasn't quite the 'professional' text that I'd
> typically write. Permissible and desired presentation formats and
> language at DEFCON don't have parallels in this venue.
>

Hmmm. I don't know about that. I saw some very good presentations at
DefCon. In particular the Tor presentations, nmap presentation, and a
couple wireless talks I went to were all quite professionally and
tastefully done. Oh, the Web Application Firewall stuff was good too.



--

Charles Wyble (818) 280 - 7059
http://charlesnw.blogspot.com
CTO Known Element Enterprises / SoCal WiFI project