List: firewalls-gc
Subject: Re: How secure is BGP? was Re: Two ISP's to one DMZ -
From: "R. Todd Truitt" <ttruitt () cisco ! com>
Date: 1997-07-14 10:13:46
>That said:
>>mikech@avana.net says:
>>>All of this discussion of the mechanics of BGP made me think. What if I
>>>decided to grab Cisco's block of addresses and announce them as being routed
>>>through my ISP with BGP? As long as my ISP's are peering with me, will they
>>>accept *any* route update? If I announced the Cisco update to my ISP (let's
>>>say MCI), would all of the MCI clients trying to access www.cisco.com come to
>>>my web server instead? What would happen on with other ISP's? Would they
>>>accept this exception route?
>Only if they are stupid. Peer relationships between the clue-challenged
>are more likely to propagate bad routes than providers; all major
>providers have aggressive filtering on either as-path & origins,
>ip-addrs being announced, or routing objects (ip-addrs/length + origin
>as). The smarter providers reconfigure these filters in an automated
>fashion, from databases.
>
Along with aggressive route filtering, route authentication will
become vital in the next few years.
--T
_________________________________________________________________________
R. Todd Truitt ttruitt@cisco.com
Systems Engineer Security, Availability and Management
Cisco Systems, Inc. 303.220.6164
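
The database-driven filtering described in the quoted reply (route objects of prefix/length plus origin AS, combined with an as-path check) can be sketched as follows. This is an added example, not part of the original message; the registry entries, AS numbers and function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Tuple

class RouteObject(NamedTuple):
    prefix: ipaddress.IPv4Network  # registered block
    origin_as: int                 # AS registered to originate it
    max_len: int                   # longest more-specific accepted

# Constructed registry: documentation prefixes and documentation-range ASNs.
REGISTRY = [
    RouteObject(ipaddress.ip_network("192.0.2.0/24"), 64500, 24),
    RouteObject(ipaddress.ip_network("198.51.100.0/24"), 64501, 24),
    RouteObject(ipaddress.ip_network("203.0.113.0/24"), 64500, 25),
]

def build_peer_filter(peer_as, allowed_ases, registry=REGISTRY):
    """Build one peer's inbound filter; allowed_ases = peer AS plus customer ASes it transits."""
    objects = [ro for ro in registry if ro.origin_as in allowed_ases]

    def check(prefix: str, as_path: Tuple[int, ...]):
        net = ipaddress.ip_network(prefix)
        # AS-path filter: leftmost AS is the neighbour, every hop must be allowed.
        if not as_path or as_path[0] != peer_as:
            return False, "as-path does not start with peer AS"
        if any(asn not in allowed_ases for asn in as_path):
            return False, "as-path contains AS outside peer's registered set"
        origin = as_path[-1]  # rightmost AS originated the route
        covered = False
        for ro in objects:
            if net.subnet_of(ro.prefix):
                covered = True
                if ro.origin_as == origin and net.prefixlen <= ro.max_len:
                    return True, "matches route object"
        if covered:
            return False, "origin or prefix length not registered"
        return False, "prefix not registered to this peer"
    return check

def demo():
    check = build_peer_filter(peer_as=64500, allowed_ases={64500})
    return [
        check("192.0.2.0/24", (64500,)),      # peer's own block
        check("198.51.100.0/24", (64500,)),   # block registered to AS 64501
        check("203.0.113.128/26", (64500,)),  # more specific than max_len 25
    ]

if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

Because the filter is rebuilt from the registry per peer, an announcement for a block registered to a different AS never matches any entry in that peer's list and is dropped at the edge.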