IETF Logo Mail Archive

Re: Helpful BGP Feature

Brandon Black <photon@nol.net> Tue, 04 February 1997 06:58 UTC

Received: from cnri by ietf.org id aa25216; 4 Feb 97 1:58 EST
Received: from merit.edu by CNRI.Reston.VA.US id aa03488; 4 Feb 97 1:58 EST
Received: (from daemon@localhost) by merit.edu (8.8.5/merit-2.0) id BAA06386 for idr-outgoing; Tue, 4 Feb 1997 01:35:37 -0500 (EST)
Received: from interlock.ans.net (interlock.ans.net [147.225.5.5]) by merit.edu (8.8.5/merit-2.0) with SMTP id BAA06381 for <bgp@merit.edu>; Tue, 4 Feb 1997 01:35:34 -0500 (EST)
Received: by interlock.ans.net id AA08404 (InterLock SMTP Gateway 3.0 for bgp@ans.net); Tue, 4 Feb 1997 01:35:32 -0500
Received: by interlock.ans.net (Internal Mail Agent-1); Tue, 4 Feb 1997 01:35:32 -0500
X-Auth: NOLNET SENDMAIL AUTH
Date: Tue, 04 Feb 1997 00:35:30 -0600
From: Brandon Black <photon@nol.net>
To: EDS@rhqvm21.vnet.ibm.com
Cc: bgp@ans.net
Subject: Re: Helpful BGP Feature
In-Reply-To: <199702040413.AA03868@interlock.ans.net>
Message-Id: <Pine.GSO.3.95.970204003044.22546A-100000@dazed.nol.net>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: owner-idr@merit.edu
Precedence: bulk

On Mon, 3 Feb 1997 EDS@RHQVM21.VNET.IBM.COM wrote:

> Brandon,
> In fact, you bring up some good points wrt problems with the current
> situation-hackers have potential to do damage via all the NAPs/
> Providers/Routers.
> So in some cases one could limit the Number of unnecessary NAPs/
> Providers/Routers that are given a route.
> 
> Even with encryption in fact,via all these
> points you are also subject to attacks such as:
> TCP SYN attacks,ping flooding, spamming,people trying to gain
> unauthorized access to your site for various purposes, etc.
> Why not limit the number of hackers to whom you advertise a
> route to you in the first place ?
>

Most likely, your network number will be available from InterNIC or one of
the Routing Registries... it could still be remote sniffed via false BGp
advertisements probably... I'm not sure though..
 
> It may also have the additional advantage that it may limit filling
> up the Global Routing table of those Routers that "need to know"
> and also anyone that doesnt need access to a particular
> destination wont see any flapping. -this may be of some use wrt
> two big problems in the Internet.
> 

Anything that would cut down flapping would be a tremendous help.

> An example, off the cuff:perhaps a company is providing a bank
> balance web server or the ablility to do stock transactions -
> it may only want to give a route to its content/server
> to specifically those who have an account and paid
> a fee that day.In fact this could be done dynamically as
> users pay their access fee.
> 


Well... I don't see this as a valid example... a bank could only advertise
its route to certain entire corporations who were doing online
transactions with them.... but you certainly aren't going to alter your
BGP advertisements based on individual users, who may have dynamic IP
addresses... the finest concievable granularity for the advertisement
would be the single AS of the user's provider.. which allows access to all
other users of that provider (in this case, by provider I mean small local
provider, not backbone provider).


.................................             ..............
: Brandon Lee Black  : [Office] :.............: [Personal] :....
:....................: brandon.black@wcom.com : photon@nol.net :.......
: "Sanity is the     : +1.281.362.6466 .......: photon@gnu.ai.mit.edu :
: trademark of a     :.................:..../\: vis_blb@unx1.shsu.edu :
: weak mind. . ."    : LDDS WorldCom, Inc. :\/: +1.281.397.3490 ......:
:....................:.....................:..:.................:

v2.23.0 | Report a Bug | By Email