BGP Security

Home » BGP Security

Versión 0.2 - 10th March, 2009

Introduction

Internet is a chain of trust, BGP is the glue that fits pieces together.

“The wonderful thing about the Internet is that you’re connected to everyone else,
the bad thing about the Internet is that you’re connected to everyone else”

Vint Cerf

Threats

Chain of trust between tiers
Weak peer filtering policies
Internet Routing Registry abuse
Routing infrastructure compromise
Protocol vulnerabilities

Blackholing

Youtube incident

Man-in-the-middle Hijacking

-

Steps:

Reconaissance
Engineering
Compromise
Poisoning
Traffic interception
Abuse
Forwarding
Obfuscation

ip prefix-list NET A.B.C.0/24
route-map HIJACK permit 10
match ip address NET
set as-path prepend 10 20 200
route-map HIJACK permit 20
router bgp 100
neighbor <AS10_PEER> route-map HIJACK out

Ghost Hijacking

-

Certifications »

GÉANT2 Security Toolset instructor certification

GÉANT2 (GN2) Security Toolset consists on the netflow analysis tools NfSen and NfDump and the FlowMon appliance. I have been attending the GN2 Security Toolset with the “train-the-trainers” module, at Switch NREN facilities in Zurich, that certifies me to teach that training within other non-profit constituencies.

Featured »

Headline »

News »

Personal »

Podcasting »

Publications »

“pf + CARP” article at Hakin9 magazine

I have writting an article about how to deploy a network-based firewall based on OpenBSD packet filter (pf) providing high-availability combining Common Address Redundancy Protocol (CARP) and state-table synchronization (pfsync). It describes a case study …

Talks and Trainings »

“Dark Side of the Internet” talk at ESNOG meeting

ESNOG, Spanish Network Operators Group will celebrate their 1st technical meeting next 4 of February in Escuela Superior Politécnica at Universidad Autonoma de Madrid with the participation of cutting-edge speakers such as Joao Damas from ISC, Filiz Yilmaz …

Uncategorized »

Videos »

You need to log in to vote

The blog owner requires users to be logged in to be able to vote for this post.

Alternatively, if you do not have an account yet you can create one here.

Powered by Vote It Up