Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

8/13/2019
02:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Internet Routing Security Initiative Launches Online 'Observatory'

Mutually Agreed Norms for Routing Security (MANRS) lets network operators and the public view online router incidents worldwide.

An Internet Society-backed effort to thwart malicious Internet traffic and abuse now tracks routing incidents online via a free tool that also shows how much of its agreed-upon set of routing security and resiliency practices that network providers worldwide have adopted to date.

The Mutually Agreed Norms for Routing Security (MANRS) initiative's new MANRS Observatory turns up the heat on network providers' compliance to filtering incorrect or malicious routing information; preventing spoofed source IP addresses; validating routing information; and coordinating among other network operators. MANRS, which launched in 2014, includes members such as Comcast, Google, and Microsoft, with more than 200 network operator members and 35 Internet exchange points. The initiative hopes to quell attacks on the Internet's routing infrastructure.

There were some 12,000 routing outages or attacks worldwide in 2018, the group says. One particularly painful incident last November misrouted Google's traffic through China after a Nigerian ISP misconfigured a routing protocol filter. The mistake ultimately took down the Net in several regions and raised privacy concerns. 

"Routing security remains a problem," says Andrei Robachevsky, senior technology program manager at the Internet Society. "Routing is often a target to affect other services" on the Internet, he says.

The MANRS Observatory in part is intended to give members a visual reality-check on where they stand in advancing the security and resiliency of the Internet routing infrastructure, according to Robachevsky. "We need to work at being more transparent and more measurable," he says. "It [puts] internal pressure on participants so they cannot hide behind state websites" of routing statistics.

Observatory has both a private and public interface, and it aggregates data from a number of third-party sources into a dashboard that helps spot trouble areas for network providers. "The tool allows you to see by region and country for your individual network," he says, and gives a read on the security of the provider's routing infrastructure.

Economic Challenges
Internet security expert Paul Vixie says one hurdle for network providers in adopting routing security practices such as source address validation is that it benefits their competitors. "If you're investing in making your network cleaner, you will not be the primary beneficiary. Your competitors will be, and that's often a tough sell."

He says the MANRS Observatory should help the initiative gain more traction. "MANRS makes it formal what it means to not be 'that guy'" with the insecure routing infrastructure, says Vixie, founder and CEO of Farsight Security.

Meanwhile, MANRS plans to recruit content delivery network providers and more equipment vendors, and to continuously evolve and expand Observatory with greater measurement capabilities and other functions.

"We see Observatory as a performance barometer," Robachevsky says. It can help network providers see routing problems they didn't know they had in certain regions, for example. "Another thing is social responsibility, the cornerstone of MANRS. Being transparent."

Related Content:

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
8/14/2019 | 3:31:17 PM
Great Article on Distance Vector Routing Algorithms
I submitted an RFI (Request for Information) to Florida Dept. of Transporation (FDOT) and it was based on TRILL, they wanted something like SPB (Shortest Path Bridging), but what I found to help address some of their traffic issues would be to implement a Distance Vector Routing Algorithm into the mix which redistributing the routes using R-bridges and IS-IS (Intermediate System Intermedia System).
dx(y) = minv{ c(x,v) + dv(y)}     for each node y in N

"Distance vector routing is an asynchronous algorithm in which node x sends the copy of its distance vector to all its neighbors. When node x receives the new distance vector from one of its neighboring vector, v, it saves the distance vector of v and uses the Bellman-Ford equation to update its own distance vector. The equation is given below" - Distance Vector Routing Algorithm or DRA for short

TRILL (Transparent Interconnection of Lots of Links), it uses R-Bridges; R=Route Bridges are used to communicate with each other by creating a grid. This grid could be used to connect the internet in a way where each link shares cost information with its surrounding neighbor; however, if there are links that go down, it uses the DRA to route traffic through another route-bridge. In this example, we can use R1, R2, R3 (indicative on the chart) to help route traffic across the globe without traffic being disrupted (self-healng and learning by creating a math matrix based upon specific factors). Dr. Injong Rhee (NC State Univ. professor, now with Samsung) came up wtih BIC-TCP and CUBIC to help address some of the routing problems with tcp windows adjustment size on the fly but that is for another conversation (CUBIC is used in VMware as part of its routing algorithm, but it has to be selected).

TRILL Link Connections

 

So even if we removed a route, connection or link, the system would be able to learn and route traffic by using another path, again the system has the ability to learn based on priority, path, speed, and congestion (the X, Y, Z are criteria and the numbers represent specific patterns and priorities associated with the network (TRILL - Link State Routing Algorithm and IS-IS can both work with IPv6 to address convergence issues because IPv6 addresses HOP/Distance count, MITM attacks,  Security (IPSec VPN) and it works with globlal routing protocols like MPLS and BGPv4 but if properly configured, TRILL could feed into IS-IS and IS-IS could feed into BGPv4 or MPLS. The links are represented by one count so the number of hops can be signficantly reduced thus improving performance and reduce routing cost/redundancy.



From a prior conversation, this would be a geat use case where ML can quantify better metrics and calculations identify improvements in the algorithms and routing security issues.

Possible ideas to ponder over.

T
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20288
PUBLISHED: 2021-04-15
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associa...
CVE-2021-31229
PUBLISHED: 2021-04-15
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
CVE-2021-28548
PUBLISHED: 2021-04-15
Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploi...
CVE-2021-28549
PUBLISHED: 2021-04-15
Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploi...
CVE-2021-30209
PUBLISHED: 2021-04-15
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.