Re: [Sidr] [OPSEC] pccw as17557 leak...

Sandra Murphy <sandy@sparta.com> Thu, 28 February 2008 18:35 UTC

Return-Path: <sidr-bounces@ietf.org>
X-Original-To: ietfarch-sidr-archive@core3.amsl.com
Delivered-To: ietfarch-sidr-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DFBE728C5AC; Thu, 28 Feb 2008 10:35:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.825
X-Spam-Level:
X-Spam-Status: No, score=-0.825 tagged_above=-999 required=5 tests=[AWL=-0.388, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YfmRolSN-CIL; Thu, 28 Feb 2008 10:35:22 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 03FFC3A6E69; Thu, 28 Feb 2008 10:35:22 -0800 (PST)
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 28E4D3A67C0; Thu, 28 Feb 2008 10:35:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ExemVKMSlbdB; Thu, 28 Feb 2008 10:35:15 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by core3.amsl.com (Postfix) with ESMTP id 9C2723A688D; Thu, 28 Feb 2008 10:35:15 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id m1SIYouj004699; Thu, 28 Feb 2008 12:34:50 -0600
Received: from nemo.columbia.ads.sparta.com (nemo.columbia.sparta.com [157.185.80.75]) by Beta5.sparta.com (8.12.11/8.13.1) with ESMTP id m1SIYox4021289; Thu, 28 Feb 2008 12:34:51 -0600
Received: from SANDYM-LT.columbia.ads.sparta.com ([157.185.81.104]) by nemo.columbia.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Thu, 28 Feb 2008 13:34:50 -0500
Date: Thu, 28 Feb 2008 13:34:49 -0500
From: Sandra Murphy <sandy@sparta.com>
To: Vishwas Manral <vishwas.ietf@gmail.com>
In-Reply-To: <77ead0ec0802280956s3dcff81cx25fd152ea1c798fb@mail.gmail.com>
Message-ID: <Pine.WNT.4.64.0802281313450.2416@SANDYM-LT.columbia.ads.sparta.com>
References: <47C4E38E.1070105@bogus.com> <3DD63532-9442-4B12-B1DF-5EA70A66C87D@cisco.com> <77ead0ec0802271712m53e8a1d4sc9cae09ee75686f7@mail.gmail.com> <p06240500c3ebd2c48236@192.168.101.9> <77ead0ec0802271913u2c032ec2y2d03b73cb36de37f@mail.gmail.com> <p06240509c3ebe4459c93@169.223.13.71> <77ead0ec0802272031j6d958279tf3028c4096093020@mail.gmail.com> <p0624050cc3ebfc54fb15@169.223.13.71> <77ead0ec0802280649k66671fc9s9fc24314963c68a0@mail.gmail.com> <Pine.WNT.4.64.0802281109260.2416@SANDYM-LT.columbia.ads.sparta.com> <77ead0ec0802280956s3dcff81cx25fd152ea1c798fb@mail.gmail.com>
X-X-Sender: sandy@nemo.columbia.sparta.com
MIME-Version: 1.0
X-OriginalArrivalTime: 28 Feb 2008 18:34:50.0117 (UTC) FILETIME=[9A0A1B50:01C87A38]
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (M4.sparta.com [157.185.61.2]); Thu, 28 Feb 2008 12:34:50 -0600 (CST)
Cc: Roland Dobbins <rdobbins@cisco.com>, opsec wg mailing list <opsec@ietf.org>, sidr@ietf.org
Subject: Re: [Sidr] [OPSEC] pccw as17557 leak...
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: sidr-bounces@ietf.org
Errors-To: sidr-bounces@ietf.org


On Thu, 28 Feb 2008, Vishwas Manral wrote:

> Hi Sandra,
>
> Thanks for the reply. You put forward the all the points correctly and
> precisely.
>
> My concern is that, unlike the normal PKI model where the final output
> is to authenticate the user using the just the certificate, the
> Routing based model we are now talking about verifying just a small
> bit of information which is used for the BGP Best Path selection - the
> sanity of which we are trying to protect, and protecting just the
> Origin does not make sense in a malicious case at all. Though you may
> say that it protects in case the malicious person plays with the
> Origin attribute, it however does not protect much as with the same
> amount of effort a malicious person can still cause the same attacks.
> What increases is the over head in each of the domains to maintain the
> new PKI information.
>

(Yes, I know I already replied to this message, but to a different point 
and I wanted to keep them separate.)

When I say origination of route advertisements, I am not talking about the 
ORIGIN attribute in the BGP Update.

I am talking about an ISP that creates a BGP Update that has an AS_PATH 
containing only its AS number.  That is the point at which a route is 
first advertised into the BGP system.  I'm talking about an action, not a 
protocol field.

It is indeed possible for a route to modify attributes other than the 
AS_PATH.  But many of those (local preference, community strings, etc) 
have only local significance.  And as we have seen, bogus AS_PATHs have a 
whole lot of impact.

--Sandy

_______________________________________________
Sidr mailing list
Sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr