BGP Hijacking Continues, Despite the Ability To Prevent It

An anonymous reader writes: BGPMon reports on a recent route hijacking event by Syria. These events continue, despite the ability to detect and prevent improper route origination: Resource Public Key Infrastructure. RPKI is technology that allows an operator to validate the proper relationship between an IP prefix and an Autonomous System. That is, assuming you can collect the certificates. ARIN requires operators accept something called the Relying Party Agreement. But the provider community seems unhappy with the agreement, and is choosing not to implement it, just to avoid the RPA, leaving the the Internet as a whole less secure.

More importantly

Why do we continue to allow peers that have proven to be problematic in the BGP backbone? simply do not share routes with these ASs any more and fuck their shit hole countries until they stop dicking with the core of the internet.

its not like any old admin can be like "Ok i'm going to broadcast bad routes that will be observed and respected by all the core routers of the internet"

no these people have special agreements with the neighbours they route with, its not like BGP packets just fly around the internet from some random workstation belonging to a hacker magically find their way onto the private vlans the cores use for bgp traffic.

even if it wasnt technically preventable it should simply be resolved by refusing peering after an incident.

Re:BGP?

[nblender]

I guess I disagree. I don't want to have to see "Transmission Control Protocol / Internet Protocol" the first time in every article that mentions TCP/IP... I'm surprised you also didn't mention that "ARIN" wasn't expanded, or "IP"... Probably because you know what those mean. I've been in this industry for dozens of years and there are abbreviations that come up all the time that I don't know but I just google them... It's not a big deal.

Re:BGP?

[David_Hart]

I don't think BGP is simple enough for a non-nerd...

Since when did "nerd" only cover people who understand BGP? I don't remember that on the entrance exam...

Heaven forbid anyone should be allowed to come away from reading a story on Slashdot more informed. Can't be having that!

A simple, painless expansion of an acronym would at least give every reader a fighting chance at a rough guess of what it does, or at least what it relates to.

Um... given that BGP is THE core routing protocol for the Internet... Yeah... you should at least know what it is at a basic level. It fits into the same category as DNS, HTML, ISP, etc.

It's a lot like the programmers talking on here about the Waterfall model. It's expected that if you don't know something that you will take 5 seconds to look it up. Just maybe you'll learn something new... oh horrors... (grin)

For those who still don't know, BGP stands for Border Gateway Protocol. At a very basic level, it's a routing protocol used to advertise routes between ISPs and other Internet connected organizations. It's these routes that we use to get to Netflix, for example.

Prefix This

[TheRealHocusLocus]

Just flipped down the thread:

AAAAASSSS????ASSSA?FFbFbb??bBM

Key:
A = messages complaining about use of acronym, explaining it
S = messages questioning relevance of BGP to 'Nerd', answers
? = WTF responses (Fry, Bennet)
F = political views (fuck ARIN, fuck legalese, fuck de Man)
b = relevant but misinformed (filtering not quicky-solve, RPKI not Kill Switch)
B = relevant, thoughtful response to a 'b'
M = this, meta message about thread.

If the rest of the Internet was like this, no actual routes would ever be advertised.

My life is light, waiting for the death wind,
Like a feather on the back of my hand.
Dust in sunlight and memory in corners
Wait for the wind that chills towards the dead land.
~T.S. Eliot