Category Archives: URSA

Routing security: work with what you’ve got!

It seemed like there would be little appetite for discussing next steps in routing infrastructure authentication and verification after the DDoS attack on Dyn (October 2016), when it became clear that large scale attacks are feasible without spoofing IP addresses, hijacking prefixes, or otherwise falsifying Internet infrastructure numbers and routing. Already a tough sell to get operators to consider incremental (let alone architectural) updates to do origin authentication and some manner of routing announcement verification, the Dyn attack provided a clear and present danger that would not be addressed by such updates, so why bother with them?

Continue reading

Necessary… but not sufficient: Are we on the right track for Internet security?

Last Wednesday,  in the hallways of the NANOG 68 meetings in Dallas, I started asking a question that goes to the heart of prioritizing work to improve Internet security; on Friday, with the DDoS attack on Dyn’s infrastructure, we got some searing insight into why it is quite possibly an urgent question.

Continue reading

Routing Security — why trust information?

Trust is in the eye of the beholder – but it has to be based on something.   In different contexts, crypto may be more relevant than heuristics, and vice versa.  Traditionally, in Internetworking, business relationships have had a big role in determining whether or not to trust information being offered by another part, whether for routing information or for other network operations.

Continue reading