Sonic.net does not implement Border Gateway Protocol (BGP) safely!

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
8 posts Page 1 of 1
by Tribune » Sun Apr 19, 2020 7:20 am
This tool from Cloudfare says Sonic traffic is vulnerable to BGP hijacking.
by pandata » Sun Apr 19, 2020 10:37 am
TLDR:
BGP disruptions happen frequently, generally by accident. But BGP can also be hijacked for large-scale spying, data interception, or as a sort of denial of service attack. Just last week, United States Executive Branch agencies moved to block China Telecom from offering services in the US, because of allegedly malicious activity that includes BGP attacks.

On Friday, the company launched Is BGP Safe Yet​, a site that makes it easier for anyone to check whether their internet service provider has added the security protections and filters that can make BGP more stable.
-source: ARS

Is there a timeline when Sonic will implement RPKI?
bgp.png
BGP
bgp.png (30.41 KiB) Viewed 7602 times
by tcsf108 » Mon Apr 20, 2020 9:31 am
https://isbgpsafeyet.com/

Your ISP (Sonic Telecom (Sonic.net, Inc.), AS46375) does not implement BGP safely.

It should be using RPKI to protect the Internet from BGP hijacks.

Details

fetch https://valid.rpki.cloudflare.com
correctly accepted valid prefixes

fetch https://invalid.rpki.cloudflare.com
incorrectly accepted invalid prefixes

Attachments

by anthony.n » Mon Apr 20, 2020 10:36 am
We are aware of this issue and we are working on implementing RPKI as soon as we can! We will let you know when an update goes live or when we have a better ETA from our engineers.
by alexis.frasz » Sat May 02, 2020 9:43 am
Please do update us on the ETA. We love Sonic, but this is a serious concern that, sadly, will make us reconsider our options if unaddressed.
by skyweir » Mon Nov 27, 2023 10:38 am
Hi Guys,

We're 3 years out now and this still has not been adopted. What happened?
by nathanpayne » Tue Nov 12, 2024 10:26 am
I see from https://isbgpsafeyet.com/ that Sonic does not implement BGP safely. Given the security risk, is there a fix on the roadmap?

fetch https://valid.rpki.isbgpsafeyet.com
correctly accepted valid prefixes

fetch https://invalid.rpki.isbgpsafeyet.com
incorrectly accepted invalid prefixes
by jerrielm » Tue Nov 12, 2024 12:53 pm
Hello!

We are signing our ROAs but not validating/rejecting from our peers yet. We are moving to validation with our top peers in the coming months and will continue to roll that project forward with more and more of our peers as time progresses.

Best Wishes!
8 posts Page 1 of 1

Who is online

In total there are 2 users online :: 0 registered, 0 hidden and 2 guests (based on users active over the past 5 minutes)
Most users ever online was 2877 on Wed Sep 25, 2024 9:53 pm

Users browsing this forum: No registered users and 2 guests