Comments on RevK®'s ramblings: BGP Blackhole routes

RevK (2015-11-23 14:11:03 +00:00):
Even though we are working to standards in terms of the way we interact with other systems, there are quite a few aspects of the Firebrick that work in some unique ways. So yes, competitive advantage, sorry.

Andrew Murphy (2015-11-23 14:08:56 +00:00):
What's the major drawback of publishing the source code?

Competitive advantage? Since you're writing code to standards is there much unique code that competitors could take advantage of?

RevK (2015-11-23 13:22:13 +00:00):
Indeed - 1 and 2 are unlikely as we have very few people who work on the code and can contribute, and very tight control on who can sign code. As you say 3 is a certainty. That is why, as I say, some code may get released in time. I do recognise the issue though, however, as a small UK based development team, I think it may be easier to trust us than a large foreign faceless corporation - but YMMV.

nickjohnson (2015-11-23 13:17:56 +00:00):
That's true, but there's more than one threat vector here:
 1. Someone at A&A with access to the baseband signing and verification level code is malicious.
 2. Someone at A&A who can contribute to the code but can't compromise the base system is malicious.
 3. Your code has bugs in it

Nothing can defend against 1, but it doesn't have to - if we don't trust you not to be malicious, we shouldn't buy your hardware, full stop. #2 seems unlikely, but possible, and #3 is a virtual certainty. Publishing source mitigates both 2 and 3, by allowing people to inspect the code running on their router.

At the least, I'd hope you recognize that for anyone with the same reservations as you about routers, the firebrick is no more a solution than any other offering. Without the source, the only person who can impute more trust to the firebrick than to other routers is you.

RevK (2015-11-23 12:46:05 +00:00):
It is not out of the question that some code may be made open source. We already publish the code used in the FireBrick to generate the graphs in png, for example.

RevK (2015-11-23 12:43:38 +00:00):
This has been the subject of a long debate - even publishing the source, you cannot be sure that what we put in FireBricks is the same as the source we published. To do that you would have to be able to build and sign code yourself and install on your FireBrick. Even then, you cannot trust that our boot loader code does not install some sort of shim in the Ethernet interrupt handling that does something underhand - you'd have to be able to build the boot loader and install via JTAG. Even then you are trusting (as we do) the chipset manufacturer (which may not be that stupid). At the end of the day you basically have to trust us to some extent, and if you don't then providing the source does not really solve that. We sign all code and only allow upload of signed code in to the brick, so this gives customers some security that the code has not been messed with by someone else, which we think is probably for the best at the moment.

nickjohnson (2015-11-23 12:37:09 +00:00):
RevK, any plans to publish the source of the Firebrick firmware? It's my understanding that you created the firebrick because you couldn't trust the reliability or security of other, closed-source routers, but without source, your customers are in exactly the same position you were when you started the whole exercise.

RevK (2015-11-22 15:48:46 +00:00):
Err, customers that we provide BGP to (a handful) can include 20172:666 community for blackholes. This is mostly some peers and customers with direct Ethernet connections in to us. We don't do BGP with broadband customers normally.

Mark (2015-11-22 15:18:20 +00:00):
Great, is there any documentation on the IP address of the iBGP peers we should use to announce a blackhole? bottomless.aa.net.uk by chance?

RevK (2015-11-21 08:39:36 +00:00):
No more than BGP can be generally. E.g. if you trust a peer to send such a route they can either take all the traffic or black hole it.

Cecil Ward (2015-11-20 23:10:04 +00:00):
Is it possible that the black hole route mechanism could itself be used as a DoS attack on a particular user?

sthen (2015-11-20 19:13:27 +00:00):
There is a draft standard, draft-ymbk-grow-blackholing-01, well known community 65535:666.