bringing the internet down redistributing rogue BGP routes

Discussion in 'Cisco' started by Colin Cant, May 22, 2008.

  1. Colin Cant

    Colin Cant Guest

    I was just looking at the following scenario:

    Someone or a rogue organisation builds up an ISP, which is multihomed over
    the globe with its locations, in all continents with the same AS number.
    Now, these bad guys would redistribute all other networks which would not
    even belong to them, I think you could cause a lot of trouble?
    All ASes, if not directly connected to each other, would reroute to my rogue
    ISP, resulting in traffic ending up in my AS --> in a blackhole.
    Of course this would be a temporary condition, until found out by the other
    ISPs, until they blocked the rogue AS.
    But I think this would cause some serious damage, or?

    cheers colin
     
    Colin Cant, May 22, 2008
    #1

  2. Colin Cant

    Colin Cant Guest

    Well, I guess this proves that it is possible! Wow! This opens a new kind of
    market in the ISP world then, right? ;-)
    Terrifying but true. Nowadays a lot of stuff is done by IP, I don't wanna
    imagine what all could go wrong...
    But as an ISP how do I secure myself against such attacks? How do I alert myself
    if my routes are starting to get hijacked by a rogue AS?
    The YouTube guys were rather fast..
     
    Colin Cant, May 22, 2008
    #2

  3. Colin Cant

    Colin Cant Guest

    Well, of course, that was a prefix too much advertised!! Oops! But think
    about political or other organisations who "accidentally" DoS a competitor's
    network range.
    This might come up in future, in combination with the juridical location of
    the ISP, with local laws of the country, which do not go so far as to punish
    such actions.
    This could provide us with some fun on the backbones..
    Well, you notice you got no traffic, and no customers anymore for some
    time..
    How would you like to look at looking glasses with the routes of your
    reverse path looking somewhere else?
    So you as an ISP need to have a backup DSL from a different ISP to check who
    hijacked your networks and look up the looking glasses.. ;-)
    What if the rogue ISP advertises /24's, rather a specific route.. in the
    internet usually nobody is going to accept an even longer match!
     
    Colin Cant, May 22, 2008
    #3
  4. Colin Cant

    Simon Leinen Guest

    I doubt that this would be a sustainable business model.

    [more hyperbole deleted.]
    I recommend looking at RIPE's RIS (Routing Information Service), in
    particular their MyASN tools, which include alerts about unexpected
    announcements of your prefixes. RIS collects routes from around the
    world (especially Europe :) in very close to real-time. I'm not
    sure how timely the MyASN alerts really are though.

    There are also commercial services that will monitor your routes,
    (Renesys).
    That's right.
     
    Simon Leinen, May 24, 2008
    #4
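
The kind of check behind the "alerts about unexpected announcements of your prefixes" mentioned in the reply above, as an added example that is not part of the original thread and is not RIPE's or any vendor's code. It compares announcements seen at a route collector against the origins an operator expects, and flags both a wrong origin AS and the more-specific (/24) case raised in post #3. All prefixes, AS numbers and observed routes are constructed sample values.

```python
import ipaddress

# Constructed sample data: private address space and documentation AS numbers
# (RFC 5398) stand in for the operator's real prefixes and origin ASes.
EXPECTED = {
    ipaddress.ip_network("10.20.0.0/16"): {64500},
    ipaddress.ip_network("192.0.2.0/24"): {64500, 64501},
}

# Constructed (prefix, AS path) pairs as a route collector might report them.
OBSERVED = [
    ("10.20.0.0/16", [64510, 64502, 64500]),   # legitimate
    ("10.20.5.0/24", [64510, 64511]),          # more-specific from another AS
    ("192.0.2.0/24", [64503, 64511]),          # same prefix, unexpected origin
    ("192.0.2.0/24", [64503, 64501]),          # legitimate second origin
    ("10.20.8.0/22", [64502, 64500]),          # own AS, but unplanned prefix
    ("198.51.100.0/24", [64503, 64504]),       # unrelated prefix
]


def classify(prefix, as_path, expected=EXPECTED):
    """Return None if the route is fine or unrelated, else an alert tuple."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]          # the origin AS is the last hop of the AS path
    for own, origins in expected.items():
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first
        if net.version != own.version or not net.subnet_of(own):
            continue
        if origin not in origins:
            kind = "ORIGIN_MISMATCH" if net == own else "MORE_SPECIFIC_HIJACK"
        elif net != own:
            kind = "UNEXPECTED_MORE_SPECIFIC"   # right origin, unplanned prefix
        else:
            return None
        return (kind, str(net), str(own), origin)
    return None


def alerts(observed=OBSERVED):
    """Classify every observed route and keep only the ones that raise an alert."""
    return [a for a in (classify(p, path) for p, path in observed) if a]


if __name__ == "__main__":
    for kind, net, own, origin in alerts():
        print(f"{kind}: {net} (inside {own}) originated by AS{origin}")
```

The more-specific case matters most for alerting because longest-prefix match makes routers prefer it over the legitimate covering route wherever it is accepted.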
