IRR Security: BCP Vulnerabilities in the IRR

BGP is based on TCP and any of the TCP denial of service could be effective.

To protect BGP, you can use IPSEC, TCP and BGP (MD5 ) mechanisms.

You can sign the originating AS, the originating AS + first hop, the originating AS and the AS-PATH.

The Registry to check the NLRI origination as well as the AS_PATH. The level of information in the registry would have to be trusted. The communications with the registry would have to be trusted.

The requirements for the use of the regsitry:

Authentication of source of data and the data itself.
Authorization of source and data
- Timeliness
- Completeness

This page has been accessed times since .

Copyright © 1998 Stan Barber. Reproduction with attribution granted.
Academ Consulting Services
P.O. Box 300481
Houston, Texas 77230-0481
Comments via email to www@academ.com
Academ Consulting Services is a registered trademark.

IRR Security: BCP Vulnerabilities in the IRR

Sandy Murphy

Table of Contents

Stan Barber's Notes