Such is the nature of BGP. Something like SPF (eg: an authorized AS list for an ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

StudentStuff on Nov 5, 2018 | parent | context | favorite | on: China Telecom's Internet Traffic Misdirection

Such is the nature of BGP. Something like SPF (eg: an authorized AS list for an IP block) and DMARC (reporting about who tried to broadcast what IP block and was rejected) would be great, perhaps even have the latter component convey attack info so ISPs could deal with infected clients automatically.

Basic security mechanisms when it comes to large ISP networks are a pipe dream though, instead we get vendors pushing extremely vulnerable Juniper gear cause its reasonably priced, meanwhile these boxes have new root exploits found multiple times a year. None of the vendors give a crap about security, Cisco pays it some lip service (to win gov't contracts) but charges a premium for basic features.

jopsen on Nov 5, 2018 [–]

I'm amazed telecoms let's this happen, routing massive amounts of traffic the wrong way, must cause a lot of latency, right?

felix_nagaand on Nov 6, 2018 | [–]

Sure, but how many users care about 20ms to their local data farm versus 70 cross country and maybe 200 to China?

cronix on Nov 6, 2018 | | [–]

Right, they generally say "my phone is getting slow, time to upgrade"

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact