Home · BGP Expert Test · What is BGP? · BGP Vendors · Links · Archives · Books · My New BGP Book

Interdomain Routing News Archive

• On December 17th, Yahoo News published an article about hackers attacking the router infrastructure of the Net. The story is pretty much completely without merit. First of all, no incidents or specific threats of hackers actually attacking routers, or realistic ways in which they might accomplish this, are given. The bit about using the default password sounds especially implausible. If only because Cisco routers don't come with a default password: if you don't set a password yourself, it is impossible to telnet to the router. I've never heard of a BGP-running router without adequate password protection.

  The idea that routers might be vulnerable to denial of service attacks is not completely out in left field, but adequate access control filters and enough CPU power easily neutralize this threat.

  The stuff about MD5 protection of BGP sessions is plain and simple wrong. Have a look at some remarks about BGP passwords and MD5 in the old news (Q3 2001) section for better information. (Or, better yet, read RFC 2385. It's just six pages.)

  Secure BGP (S-BGP) might sound like a good idea, but I'm far from sure that making the routing system depend on something as complex and (at least potentially) fragile as a public key infrastructure is a good idea. "We're very sorry, but the root CA certificates expired, so there won't be any internet today." Besides, in the current situation each network can build all the filters it deems necessary. This way, routes are only used when they are announced by the neighboring network and if they're allowed through the manually created filters. The chances of both screwing up in exactly the same way are very small.

  Also, a PKI system might open up additional ways in which a router could be the victim of a denial of service attack. The required RSA computations are extremely CPU intensive, so an attacker would only have to deliver a small number of falsified routing updates to keep a router very busy rejecting them.

• On November the 28th, I attended the "The Next Net" conference in Amsterdam, organized by Dutch chapter of the Internet Society (ISOC).

  The key note address was delivered by Vint "father of the Internet" Cerf, who was in The Netherlands to pick up another honorary Ph.D. at the University of Twente. (Don't worry -- he has a real one from UCLA as well.)

  He told the audience he is reluctant to accept credit for founding the net, since that means receiving the majority of the blame as well, and went on to analyse the IPv4 address depletion and the pros and cons of net-enabled socks. He is currently working on some interesting things (for instance, an interplanetary network for communicating with space probes for NASA), so check out his web pages at Cerf's Up.

  Prior to The Next Net, Jaap Akkerhuis from the .nl TLD registry talked about an analysis he made of the impact of the events of September 11th on the net. This is the same analysis he presented at the ICANN general meeting mid-November.

  Slides of the presentation (PDF)
  Extensive archives of the ICANN meeting (but hard to find specific information)

• On October 16th, the London Internet Exchange (LINX), Europe's largest interconnect point (10 Gbps), had an outage for most of the day. News articles:
  • Newsbytes
  • The Register

• The Renesys Corporation has published a preliminary report indicating that the Code Red II and Nimda worms caused a somewhat alarming instability in global routing. Remarkably, this instability lasted much longer than those caused by (even quite large) outages. When important links go down, BGP converges within minutes and remains stable after that. The worms on the other hand made the interdomain routing system less stable for many hours.

  Global Routing Instabilities during Code Red II and Nimda Worm Propagation

• Internet Still Growing Dramatically, says Lawrence Roberts, one of the pioneers of the ARPANET.