[prev in list] [next in list] [prev in thread] [next in thread]
List: firewalls-gc
Subject: RE: How secure is BGP? was Re: Two ISP's to one DMZ -
From: Darren Cromer <DarrenCr () Attachmate ! com>
Date: 1997-07-11 7:15:10
[Download RAW message or body]
In the case of MCI, you must register your routes beforehand into
their routing registry (with a password for your AS). There doesnt
seem to be any advance checking, but it does hold you accountable for
the routes you announce.
I'm not sure how this is handled by other ISP's
-----Original Message-----
From: mikech@avana.net [SMTP:mikech@avana.net]
Sent: Friday, July 11, 1997 4:08 AM
To: Firewalls@GreatCircle.COM; Paul Ferguson; Rusty Zickefoose
Subject: How secure is BGP? was Re: Two ISP's to one DMZ -
All of this discussion of the mechanics of BGP made me think. What if
I
decided to grab Cisco's block of addresses and announce them as being
routed
through my ISP with BGP? As long as my ISP's are peering with me, will
they
accept *any* route update? If I announced the Cisco update to my ISP
(let's
say MCI), would all of the MCI clients trying to access www.cisco.com
come to
my web server instead? What would happen on with other ISP's? Would
they
accept this exception route?
Has this happened in the real world?
Is there any mechanism to prevent this?
Mike
--
03:07:53
07/11/97
_______________________________________________________________________
Michael W. Chalkley Tel:
+1.770.772.4567
ZapNet! Inc. Fax:
+1.770.475.7640
Suite 400-120 E-mail:
mikech@iproute.com
10945 State Bridge Road
mikech@avana.net
Alpharetta, GA 30202
http://www.iproute.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic