Is the internet going down on Thursday?

spidey07

it's pretty serious. the core of the internet and peering relationships should be pretty solid as most providers I know use authentication.

but at the access layer there may be trouble.
 

n0cmonkey

I know OpenBSD is less affected than most other systems. ;)

And at least one other open source OS is using the same method. I think it's the grsecurity patches for Linux, but I'm not positive.
 

spidey07

Originally posted by: n0cmonkey
I know OpenBSD is less affected than most other systems. ;)

And at least one other open source OS is using the same method. I think it's the grsecurity patches for Linux, but I'm not positive.

yeah, but OpenBSD doesn't run the internet.

silly!
 

n0cmonkey

Originally posted by: spidey07
Originally posted by: n0cmonkey
I know OpenBSD is less affected than most other systems. ;)

And at least one other open source OS is using the same method. I think it's the grsecurity patches for Linux, but I'm not positive.

yeah, but OpenBSD doesn't run the internet.

silly!

Not yet :D

I keep seeing reasons not to use some of those big names out there... Maybe if they paid attention to what Free and Open Source Software projects were doing... ;)
 

spidey07

Originally posted by: n0cmonkey
Originally posted by: spidey07
Originally posted by: n0cmonkey
I know OpenBSD is less affected than most other systems. ;)

And at least one other open source OS is using the same method. I think it's the grsecurity patches for Linux, but I'm not positive.

yeah, but OpenBSD doesn't run the internet.

silly!

Not yet :D

I keep seeing reasons not to use some of those big names out there... Maybe if they paid attention to what Free and Open Source Software projects were doing... ;)

maybe if they were able to forward at multi-gigabit speeds without being so bus limited and feature limited.

puh-lease. I've had this argument with the BSD bigots before. It simply cannot do what a real piece of network hardware (designed from the ground up to move packets...specifically in hardware) can do.

BSD will always be limited to the underlying hardware and never will compete with a router
 

n0cmonkey

Originally posted by: spidey07
Originally posted by: n0cmonkey
Originally posted by: spidey07
Originally posted by: n0cmonkey
I know OpenBSD is less affected than most other systems. ;)

And at least one other open source OS is using the same method. I think it's the grsecurity patches for Linux, but I'm not positive.

yeah, but OpenBSD doesn't run the internet.

silly!

Not yet :D

I keep seeing reasons not to use some of those big names out there... Maybe if they paid attention to what Free and Open Source Software projects were doing... ;)

maybe if they were able to forward at multi-gigabit speeds without being so bus limited and feature limited.

puh-lease. I've had this argument with the BSD bigots before. It simply cannot do what a real piece of network hardware (designed from the ground up to move packets...specifically in hardware) can do.

BSD will always be limited to the underlying hardware and never will compete with a router

The bigger Cisco stuff is higher tech. The lesser Cisco stuff is PC hardware, or less. MIPS is supposed to be awfully popular.

I won't argue against the HIGH end Cisco stuff though. Most of it is probably worth the money.

No, I don't think OpenBSD will one day run the Internet. But denying that Cisco, Juniper, and any other big corporation out there couldn't take a hint from the FOSS projects out there is denying the obvious.
 

cmetz

Death of Internet predicted. Film at 11.

These scares happen all the time. Only once in my memory has there been a really serious network-wide problem resulting from an attack on routers (the small-servers DoS) and the media was quiet on that one.

In this case, the fix is to follow the best practices for BGP session setup that were established ca. 1999. If you're a major ISP, and you aren't following BGP routing best practices from *this #@%$! month* then you deserve what you get. Failure to follow best practices that are five years old... I'm just not sympathetic at all.
 

Boscoh

Prediction: Those ISPs/companies using encrypted BGP links, auth, and/or anti-spoofing will not be directly affected by this. The smaller ISPs that don't know what they're doing and some of the idiots that work at the bigger ones who left their BGP links wide open might be affected, outages might occur, and hopefully the stupid ones will get fired to make room for the people who know their stuff to get jobs. Keep in mind, these protective measures in BGP are NOT a new thing, they've been around a while and for good reasons. If your links are wide open at this point, you need to be updating your resume and calling recruiters.

My $.02
 

spidey07

Originally posted by: Boscoh
Prediction: Those ISPs/companies using encrypted BGP links, auth, and/or anti-spoofing will not be directly affected by this. The smaller ISPs that don't know what they're doing and some of the idiots that work at the bigger ones who left their BGP links wide open might be affected, outages might occur, and hopefully the stupid ones will get fired to make room for the people who know their stuff to get jobs. Keep in mind, these protective measures in BGP are NOT a new thing, they've been around a while and for good reasons. If your links are wide open at this point, you need to be updating your resume and calling recruiters.

My $.02

you have no idea just how few people that actually "know their stuff" there are.
 

spidey07

Originally posted by: FreshPrince
authentication should be both ways, and I doubt many ISPs support that...

BGP auth HAS to occur on both neighbors, otherwise they will never neighbor up.
 

cmetz

spidey07, IPsec AH with MD5 is almost exactly the same processor overhead as TCP MD5. The TCP MD5 thing was intended to be a temporary hack while waiting for IPsec AH to be standardized, then everybody was going to switch to it. Meanwhile many folks didn't use TCP MD5, waiting for the real thing instead. Today, neither Cisco nor Juniper to my knowledge support AH for this. Too bad, too, because the TCP MD5 has some problems.

IPsec doesn't have to == ESP.
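
Added example, not part of any post in this thread: the TCP MD5 signature option (RFC 2385) discussed above, computed and checked on both sides to show why a session only comes up when both neighbors hold the same key. The addresses, ports, key and KEEPALIVE payload are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac
import socket
import struct

MD5_KIND, MD5_LEN = 19, 18  # RFC 2385 TCP option: kind 19, total length 18

def md5_sig(src, dst, header, payload, key):
    """MD5 over pseudo-header, fixed TCP header (checksum zeroed), data, then key."""
    fixed = bytearray(header[:20])            # TCP options are left out of the digest
    fixed[16:18] = b"\x00\x00"                # checksum field counted as zero
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(header) + len(payload)))
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()

def build_segment(src, dst, seq, payload, key=None):
    """Constructed segment from port 179; signed only when the sender has a key."""
    words = 5 if key is None else 10          # 20-byte header, plus 20 bytes of options
    hdr = struct.pack("!HHIIBBHHH", 179, 40000, seq, 0, words << 4, 0x18, 16384, 0, 0)
    if key is None:
        return hdr
    sig = md5_sig(src, dst, hdr + bytes(20), payload, key)
    return hdr + bytes([1, 1, MD5_KIND, MD5_LEN]) + sig   # two NOPs pad to 32 bits

def find_sig(header):
    """Walk the option list and return the 16-byte signature, or None."""
    opts, i = header[20:], 0
    while i < len(opts) and opts[i] != 0:     # kind 0 ends the list
        if opts[i] == 1:                      # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                       # malformed option
        if opts[i] == MD5_KIND and opts[i + 1] == MD5_LEN:
            return opts[i + 2:i + MD5_LEN]
        i += opts[i + 1]
    return None

def receiver_accepts(src, dst, header, payload, key):
    """A neighbor configured with `key` drops unsigned or wrongly signed segments."""
    got = find_sig(header)
    if got is None:
        return False
    return hmac.compare_digest(got, md5_sig(src, dst, header, payload, key))

A, B = "192.0.2.1", "192.0.2.2"               # documentation addresses (constructed)
DATA = b"\xff" * 16 + b"\x00\x13\x04"         # constructed 19-byte BGP KEEPALIVE
signed = build_segment(A, B, 1000, DATA, b"shared-secret")
unsigned = build_segment(A, B, 1000, DATA)
```
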
 

spidey07

Originally posted by: cmetz
spidey07, IPsec AH with MD5 is almost exactly the same processor overhead as TCP MD5. The TCP MD5 thing was intended to be a temporary hack while waiting for IPsec AH to be standardized, then everybody was going to switch to it. Meanwhile many folks didn't use TCP MD5, waiting for the real thing instead. Today, neither Cisco nor Juniper to my knowledge support AH for this. Too bad, too, because the TCP MD5 has some problems.

IPsec doesn't have to == ESP.

thanks for the rebuttal/info. I always cringe when I hear IPsec and router in the same sentence.
;)
 

cmetz

spidey07, that doesn't bother me. What's scary is that some people seriously want to public-key authenticate every BGP route. 140,000 RSA signature checks to bring a link up...
 

spidey07

Originally posted by: cmetz
spidey07, that doesn't bother me. What's scary is that some people seriously want to public-key authenticate every BGP route. 140,000 RSA signature checks to bring a link up...

ewwwww