Show 93 – Lies and Routing in the Internet

This show is a few moments to breathe, take stock, meditate about peace in our time, and listen to someone else do the talking. Today, Packet Pushers is re-broadcasting a recording of a presentation by Geoff Huston from AusCERT2011.

I have to say that I’ve always known that Internet routing was a mess, but Geoff breaks it down in an approachable and easy-to-understand way that drives home just how unreliable and insecure the Internet is. Chilling stuff and well worth listening to. Geoff Huston is a well-known and respected figure in the development of the Internet.

Here is the description from the conference website:

Securing the Internet’s Foundations – Addresses and Routing

The framework of trust that supports the operation of the internet starts with a basic assumption about the uniqueness of IP addresses and the integrity of routing. If this assumption fails then the internet is exposed to many forms of subversion and attack. This presentation will outline the role of addresses and routing and the potential attack vectors, and will also report on the progress to establish a secure framework for addresses and their use in the Internet, highlighting the progress in establishing a secure routing environment for the Internet.

APNIC’s Geoff Huston on routing system “lies”

This was recorded by Risky.biz – a podcast on information security which I listen to every week. The host, Patrick Gray, is a freelance security journalist who really knows his stuff. I’d sure like to meet up and meet both him and Adam Buarlow(?) someday.

Risky Business is a great show with a good practical mix of security news and interviews with interesting people. A big shout out to Patrick Gray who kindly gave me permission to use his recording. And thanks to Geoff Huston who also gave his permission to rebroadcast this recording.

About Geoff Huston

Geoff Huston is the Chief Scientist at the Asia Pacific Network Information Centre (APNIC), where he undertakes research on topics associated with Internet infrastructure, IP technologies, and address distribution policies. Prior to APNIC, Geoff was employed as the Chief Internet Scientist at Telstra and Technical Manager of the Australian Academic and Research Network (AARNET). He was a leading figure in the development of Australia’s academic and commercial Internet services.

Potaroo

Greg Ferro
Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT with a wide range of employers, working as a freelance consultant, including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count. He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

  • Lindsay Hill

    Adam Boileau, aka metlstorm, is the name you’re looking for. Hopefully I’ll make it along to this month’s ISIG meeting in Auckland to see him speak.

    Quite agreed about Risky.biz – I’ve been listening to it myself for quite some time. I find the news roundup section very useful. I also like the way Patrick has managed to get sponsor interviews going – it ties together with the show well.

  • http://twitter.com/andrewjones141 Andrew Jones

    Any chance of getting hold of the slide deck?

  • Lindsay Hill

    All presentations from Geoff are here: http://www.potaroo.net/presentations/index.html

    That specific talk is available in PDF (http://www.potaroo.net/presentations/2011-05-16-route-secure.pdf) or PPT (http://www.potaroo.net/presentations/2011-05-16-route-secure.ppt)

  • http://twitter.com/paulgear1 Paul Gear

    Geoff Huston is always good value to listen to, but one of his weaknesses is that he doesn’t point the way forward.  I would really like to hear PP do a follow-up episode of practical suggestions for what we can do about it.

    For example, Geoff seemed to suggest that partial deployment was not useful, but I think some good counter-arguments could be made.

    Likewise, he seems to suggest that signed BGP will be the way to secure it going forward, but if CAs can’t make SSL work, why would BGP certificates be any different?  BGP is much less visible in the public eye, and there would be much less pressure on those administering it to announce it if they have been compromised.

    • Dan

      I would also like to hear a followup show.

  • Markh1289

    Great to hear the ‘dirt’ on some of the carriers I’ve worked at … Optus, Telstra (the latter of whom seemed to be overly grateful for routes from Dodo recently and broke some enterprise Telstra Internet connectivity)
