Skip to Content.
Sympa Menu

netsec-sig - Re: [Security-WG] Is BGP safe for your ISP?

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] Is BGP safe for your ISP?


Chronological Thread 
  • From: "Seesink, Frank" <>
  • To: "" <>
  • Subject: Re: [Security-WG] Is BGP safe for your ISP?
  • Date: Mon, 20 Apr 2020 16:08:12 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=unc.edu; dmarc=pass action=none header.from=unc.edu; dkim=pass header.d=unc.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bBBDEKGzeJkBS1xlH6FXDcuNJZTKq6h+mFv67ls+G1g=; b=Lt6TkFS0QvaECYKx+7jqjWIkzm15l356BuQOln/oxJxlZAPHjdwo75JXp72AbgkWGNYvNcqeWzSEHsByTDV9h3491kiav1sJ4Dfvb1zXUS871+im/RXwFC5x8/6rT+g6541kw5dMUQYndlHAacw+WW2NmIUq+L9zTmcS0rHt1L2zf8rHrPocXFeB+GUjsSBl7tLRKFeJcfyhHBfLtyEfTnFAGsqiWeI1G9T3Hug4tUUpAAce09WWKDFHY95LOJtgv4uk73lO7FIRTIslYG21Jbv2/cy8BzdDDYHf/dUQGBICQcLWrwAv1kzqIfsZ2tTDwmtUKHpx2CGjZ8bWHxiCBg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dJ36F9WPFxJMHgpbkr/0cIvZFNkqwVMNXr5p3Wkgj6qasQOvqGnMTuPeYQmcZhz99COQorRYpD/Zuy2zaWcCN9plVxHKVcn9YRtxLMuV1zkuIyJhFQN1MGr8iugPFUFTONp98XbFEfov977mYsZcTuHuC8FNmebtNbXVPsB4JmqyhOupByfL6bZDHnNP/Pvx7oBthDyGvC2jllVloal6yKn/+3V4sDLBiXl/zKL6mg8aHAN4Lim7A7wGILI/SJy9ck15fVeUCiMadGEy7Q3FpRysrKwxmvDBc+iVdFyC2SzEOTdVuyPpTWGVUO3WtwCSxVEM0AIXx0Tq3RyZNamsKA==

Not true apparently.  Just checked and got this:


which, frankly, surprised me. :-)  (I have AT&T Fiber at home.)

Run from campus, though, I got a fail.

But suspect you’re not far off.  It may not be “absolutely no one”, but likely very few.

But to Jesse’s later point of starting a conversation, I would still be curious to see what folks see for their various providers.  And yes, these oversimplified pages, while well intended, tend to cause those responsible for networks more headaches than help, much as the speedtests you mentioned.  But it’s better to be aware these exist, as at least this way folks can be prepared for the inevitable questions/comments that come.

Like any tool, it’s a double-edged sword.  It has its place in the right context.  But most of the time, only a select few understand that context.  Everyone else just sees “red light bad!  green light good!” or similar.

It’s like when your WFH folks are having issues and think it’s the VPN because their observations are that campus resources are slow but other things (e.g., Netflix, etc.) are fine.  So someone suggests running a speedtest.  Of course, it’s inevitable that suddenly dozens if not hundreds are all running speedtests simultaneously, often with several on the same last mile provider, and against the same servers, and then they’re surprised when they get slow results! *hangs head*  (And the example I’m thinking of turned out not to be anything campus related, but a specific broadband provider who had a saturated cross-connect to the upstream ISP for the campus.  So it was no fun for anyone.)

Frank Seesink
Senior Network Engineer
ITS Communication Technologies
UNC-Chapel Hill | ITS Franklin, Office 1006
+1 919.445.0844

On Apr 20, 2020, at 9:52 AM, A N <> wrote:

Much as I love the spirit of this page, my hunch is absolutely no one comes back with anything other than FAIL. My ISP is a fail.

On Mon, Apr 20, 2020 at 1:43 PM Jesse Bowling <> wrote:
Looks like this got put out (Cloudflare I think), and I just ran across:


Curious how others appear...My ISP (Duke, while on VPN) shows up as not secure.

<Screen Shot 2020-04-20 at 9.38.07 AM.png>

Cheers,

Jesse 
--
Jesse Bowling
ITSO::Security Architect & CSIRT Program Manager
jesse.bowling[AT]duke.edu::919-660-1073
334 Blackwell St::Durham, NC::27701





Archive powered by MHonArc 2.6.19.

Top of Page