Presented at Virus Bulletin 2016 and BSides Denver 2016.
Trust is an important aspect of our daily actions on the Internet. Trust model discussions often focus on endpoints or even venture into TCP/IP and DNS, but rarely do they consider the important role BGP plays. BGP provides distributed control over core decisions, such as where packets go and how they get there. Despite this important piece of operating the Internet, many of the validation and security mechanisms have remained unchanged since the 1990s. This talk will cover the current state of BGP, some real-world examples of data, unique perspectives on it, and what is being done to improve the state of Internet routing. The data reviewed will include answers to questions such as: What percentage of the Internet is announcing routes that can't have ownership independently validated? How many routes shouldn't even exist in the global routing table? What parts of the world are the worst offenders? The talk will also introduce real-world assumptions that can be used to create models for hijack detection in any organization. After applying these assumptions, the same data points will be reviewed over an extended period of time. Finally, attendees will be provided with an overview of route validation methods, including industry best practices such as bogon filters, large-scale mechanisms including IRR, and cryptographic origin validation using a tool like RPKI. The discussion will also ensure coverage of future developments to solve not just origin validation but also full path validation.
mikeb
ysuzuki
ekito_station
yokomachi
rfdnxbro
fullkaiten
shimy
kworkdev
hoshi7_n
ryansbcho79
unnowataru
oidfj
civitaspo
axbom
chriscoyier
bryan
tammyeverts
aemeredith
cassininazir
baasie
codingconduct
lara
asonas
erikaheidi
soudai
![Origin Validation Options Method Coverage Adequate Trust RPKI 6.7% [1]](https://files.speakerdeck.com/presentations/1dbc79635f9f481c93758e3dbe05d826/slide_8.jpg){kind=link}
