Thursday 6 October 09:30 - 10:00, Red room
Mike Benjamin (Level 3 Communications)
Trust is an important aspect of our daily actions on the Internet. Trust model discussions often focus on endpoints or even venture into TCP/IP and DNS, but rarely do they consider the important role BGP plays. BGP provides distributed control over core decisions, such as where packets go and how they get there. Despite BGP's importance to the operation of the Internet, many of its validation and security mechanisms have remained unchanged since the 1990s. This talk will cover the current state of BGP, some real-world examples of data, unique perspectives on it, and what is being done to improve the state of Internet routing.
The data reviewed will include answers to questions such as: What percentage of the Internet is announcing routes that can't have ownership independently validated? How many routes shouldn't even exist in the global routing table? What parts of the world are the worst offenders?
The talk will also introduce real-world assumptions that can be used to create models for hijack detection in any organization. After applying these assumptions, the same data points will be reviewed over an extended period of time.
Finally, attendees will be provided with an overview of route validation methods, including industry best practices such as bogon filters, large-scale mechanisms including IRR, and cryptographic origin validation using a tool like RPKI. The discussion will also cover future developments aimed at solving not just origin validation but also full path validation.
Mike Benjamin, Principal Security Architect, is a member of the Threat Research Team at Level 3 Communications, where he focuses on enumeration and cleanup of malicious infrastructure. His current focus is on botnets, ransomware and exploit kits – working to create forensic and data-led methods for detection of the infrastructure that operates these points of malice. In the past 17 years Mike has held a variety of positions at Level 3 and Global Crossing, including security, systems, software development, and network technical leadership. His tenure as one of the lead network architects at Global Crossing provided him multiple years of focus on BGP, which he has continued to research during his current focus on security.