Pretty Good BGP on Quagga
All,

We just wanted to let you know that Pretty Good BGP (PGBGP) is now available for Quagga. The Internet Alert Registry (IAR) has been running it stably for a few months now and we wanted to open it up to early adopters.

Overview:
PGBGP is a distributed security mechanism for BGP that attempts to avoid prefix hijacks, sub-prefix hijacks, and spoofed paths. Each router individually computes its own idea of the origin ASes for each prefix based on the past few days of routing announcements. Routes for prefixes with new origin ASes are labeled as anomalous and are depreferenced for 24 hours, using the more trusted (stable) routes where possible. New links are also considered anomalous, as well as new sub-prefixes. New sub-prefixes are dealt with by choosing paths to the trusted less specific when possible for 24 hours. Opt-in emails are sent to operators to inform them of anomalies, to help them identify and fix the problem (if any) within the 24 hours.

Hardware overhead:
Running PGBGP requires roughly ~20MB of extra RAM. Adding additional BGP sessions does not significantly affect PGBGP memory usage. CPU requirements are minimal.

Routing performance:
Sometimes, PGBGP will select an inferior path in order to avoid an anomalous route. Our studies have shown that typically, anomalous routes are short lived (e.g. due to convergence churn). On the IAR, of the available 1,546,996 routes in the RIB, 5,111 of them are anomalous at the time of writing this email. There are corner cases in which PGBGP could cause loss of reachability, and they are discussed in the papers.

Documentation, papers, links to NANOG presentations, and the patch itself are available at the project's webpage: http://cs.unm.edu/~karlinjf/pgbgp/

If you're interested in PGBGP or would like to help further BGP security research, please give it a try and let us know that you're running it. We'd be happy to entertain suggestions, discuss the protocol, and provide support.

Thanks for your time,
Josh
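An added sketch (not the PGBGP patch or any Quagga code) of the origin-history check described in the announcement above: it classifies announcements as trusted, new-origin or new-sub-prefix and depreferences anomalous ones for 24 hours. The 10-day history window, the names `OriginHistory` and `best_route`, and the rule that an uncovered new prefix is accepted at once are assumptions; new-link detection is not modelled.

```python
import ipaddress

HOUR = 3600
SUSPICIOUS = 24 * HOUR    # from the post: anomalies are depreferenced for 24 hours
HISTORY = 10 * 24 * HOUR  # assumption: the post only says "the past few days"

class OriginHistory:
    """One router's memory of which origin AS announced which prefix."""

    def __init__(self):
        self.seen = {}  # network -> {origin_as: {"until", "last", "kind"}}

    def _trusted(self, net, now):
        # Origins past their suspicious period and still inside the history window.
        return {asn for asn, r in self.seen.get(net, {}).items()
                if now >= r["until"] and now - r["last"] <= HISTORY}

    def observe(self, prefix, origin_as, now):
        """Record an announcement; return 'trusted', 'new-origin' or 'new-sub-prefix'."""
        net = ipaddress.ip_network(prefix)
        origins = self.seen.setdefault(net, {})
        rec = origins.get(origin_as)
        if rec and now - rec["last"] <= HISTORY:
            rec["last"] = now
            return rec["kind"] if now < rec["until"] else "trusted"
        if self._trusted(net, now):
            kind = "new-origin"
        elif any(o != net and o.version == net.version and net.subnet_of(o)
                 and self._trusted(o, now) for o in self.seen):
            kind = "new-sub-prefix"
        else:
            kind = "trusted"  # assumption: an uncovered new prefix has no rival route
        until = now if kind == "trusted" else now + SUSPICIOUS
        origins[origin_as] = {"until": until, "last": now, "kind": kind}
        return kind

def best_route(history, prefix, as_paths, now):
    """Pick among AS paths (origin last): trusted origins first, then shortest path."""
    return min(as_paths, key=lambda p: (
        history.observe(prefix, p[-1], now) != "trusted", len(p)))

if __name__ == "__main__":
    # Constructed data: documentation prefix and documentation AS numbers.
    h, day = OriginHistory(), 24 * HOUR
    h.observe("198.51.100.0/24", 64500, 0)
    print(h.observe("198.51.100.0/24", 64511, 5 * day))
    print(h.observe("198.51.100.128/25", 64511, 5 * day))
    print(best_route(h, "198.51.100.0/24",
                     [[64496, 64511], [64497, 64498, 64500]], 5 * day + HOUR))
```

The longer path through the established origin wins while the new origin is inside its 24-hour window; once the window passes, the same announcement is treated as trusted and normal path selection resumes.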
Re: OIX Routeviews
Jason,

> Excuse the OT post, I can't seem to send mail to routeviews.org and this
> is a last resort.

Did you try [EMAIL PROTECTED] In any event...

> A while ago, David Meyer asked if anyone was still using the "sho ip
> bgp" format rib on routeviews.org. For a few months the rib dump
> process has been broken. Are the "sho ip bgp" ribs gone for good?

No, the 'show ip bgp' RIBs aren't gone. We're just not screen scraping them from route-views.routeview.org any longer. Rather, John Heasly wrote some code that generates 'sh ip bgp' format from the MRT RIB dumps. These can be found on archive.routeviews.org.

Let us know if you can't find what you need.

Thanks,
Dave
OIX Routeviews
Excuse the OT post, I can't seem to send mail to routeviews.org and this is a last resort. A while ago, David Meyer asked if anyone was still using the "sho ip bgp" format rib on routeviews.org. For a few months the rib dump process has been broken. Are the "sho ip bgp" ribs gone for good? jas
Re: SANS: DNS Bug Now Public?
It has been public for a while now. Even in the print media, there are some articles about it in the latest Computerworld mag, without giving too much detail about how to exploit it, i.e. PATCH NOW!!!

Cheers
Jorge
Re: SANS: DNS Bug Now Public?
matasano blogged about it; cache of the original post here:
http://beezari.livejournal.com/

matasano apologizes here:
http://www.matasano.com/log/1105/regarding-the-post-on-chargen-earlier-today/

dan posts (13 - 0): 13 days left to blackhat opposed to the 0 days since the details were discussed
http://www.doxpara.com/?p=1176

halvar flake speculation:
http://addxorrol.blogspot.com/2008/07/on-dans-request-for-no-speculation.html

post on daily dave:
http://seclists.org/dailydave/2008/q3/0070.html

On Tue, Jul 22, 2008 at 8:40 AM, Jon Kibler <[EMAIL PROTECTED]> wrote:
> SANS is reporting that Kaminsky's DNS bug may be now being exploited in
> the wild. See:
> http://isc.sans.org/diary.html?n&storyid=4765
>
> Jon Kibler
> --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC USA
> o: 843-849-8214
> c: 843-224-2494
> s: 843-564-4224
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
SANS: DNS Bug Now Public?
SANS is reporting that Kaminsky's DNS bug may be now being exploited in the wild. See:
http://isc.sans.org/diary.html?n&storyid=4765

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253