Building Trust Improving Technical Security Mutually Agreed Norms for Routing Security (MANRS)

Dear Network Operators, Where Are Your MANRS?!

As we just published over on the MANRS blog, we are approaching the second anniversary of launching the MANRS initiative in which network operators from around the globe work together to improve the security and resilience of the global routing system. We have just published a press release about MANRS and are working to increase MANRS’ visibility in wider circles.

We have now grown to over 40 network operators. From the press release: “As networks have come under increased stress from corporations, governments and other actors, not all benign, the visibility of the Internet’s routing infrastructure as a critical component has become as high as that of the Domain Name System (DNS) or other core infrastructure,” said Olaf Kolkman, Chief Internet Technology Officer (CITO) at the Internet Society. “By promoting routing security and resilience, MANRS gives operators a way to demonstrate their commitment to networking excellence, helping to restore trust in the Internet to anxious peers, businesses, customers and individuals.”

We are embarking upon this public relations outreach to inform more network operators about the initiative, grow its membership, and work toward improving routing security for everyone on the Internet.

Read the full release here, and stay tuned for a coverage recap in a few days! You can also follow along on the MANRS Twitter account or MANRS blog for coverage as it comes in.

Improving Technical Security Mutually Agreed Norms for Routing Security (MANRS) Open Internet Standards

MANRS on the Road! Discussing Routing Security in Chicago Next Week

Next week, on Tuesday, 1 September, I’ll be talking about MANRS, routing security, and community collaboration at NANOG on the Road in Chicago. Increasing the adoption of MANRS (Mutually Agreed Norms for Routing Security) is one of our most important activities. More and more operators are signing on, signaling not only their commitment to the actions specified in MANRS but also their commitment to an open Internet that is driven by shared responsibility and collaborative action. We continue to meet with network operators and encourage them to become a part of this ongoing activity.

NANOG on the Road is having its fourth meeting of the year, this time in the Chicago area. These meetings provide opportunities for professional education and networking and cover topics ranging from the current state of IPv6 adoption to developments in Internet Governance. You can read all about the meetings at and the meeting in Chicago next week at

The meeting is open and free, but you must register. I’m speaking in the afternoon on MANRS. I’ll be speaking about the problem, the motivations, the collaborative nature of the MANRS effort, and the specific actions participants are expected to take.

The rest of the agenda is appealing too, with discussions of IPv6 deployment, a primer on BGP, and tutorial on DoS attacks.

I hope you can join me if you’re in the area. Register today!

Building Trust Improving Technical Security Mutually Agreed Norms for Routing Security (MANRS) Technology

Why Network Operators Need to be Concerned – And How MANRS Can Help

Abusing the vulnerabilities of the routing system for various types of malicious activities – like sending spam or spreading malware – is a growing trend. This is the major point I took away from a detailed review Doug Madory from Dyn Research published last week highlighting six examples of bogus routing announcements that represent IP address and ASN squatting or hijacking and path manipulation. As Doug’s analysis suggests, these are not fat fingers, but planned attacks.

Unlike DoS incidents with high public exposure, like YouTube route hijacking, these incidents have less impact on network operations and may go unnoticed for months. The criminals are trying to avoid exposure and often squatting on unused address space, or limiting the propagation of bogus announcements. So on the surface it looks like nothing bad happens in the network, apart from increased volumes of spam, malware and even more difficulty in making attribution and tracking down the criminals.

So do network operators really need to be concerned?

The answer is yes.

There is more to it.

This trend corrodes the global routing system, and as it develops collateral damage will only grow. Let me mention just two aspects of it:

  • Reputation. Network and address blocks have a higher chance of getting into various black lists, which will affect services of network’s customers and users. This might also affect a network’s ability to make peering arrangements.
  • Denial of service. The attackers are less careful sometimes, especially for short and medium-term attacks. They may not bother to check whether the address space they are abusing is used by a network or its customers. And this may result in intermittent service outages that are difficult to debug.

Then why do so many network operators appear unconcerned?

I think, partly, this is an awareness issue and analyses from Dyn Research, BGPmon, and RIPE Labs help articulate the problem better and educate folks. But there are a couple of more fundamental issues at hand:

  • Network protection is in fact in the hands of other networks. To protect the network from hijacking, other networks have to act and take measures.
  • Deploying protective measures often has costs and less obvious benefits for one’s own network. Another way of looking at this, though, is what Paul Vixie calls a “chemical polluter business model” where the profit occurs “here” whereas the costs are shifted onto the larger economy, “down there.”

Yet, we have to break this vicious circle when folks push “toxic waste” into the commons, only to discover that the commons is too polluted to be useful.

And by the way, there is a third aspect of collateral damage – it enforces the perception of some regulators and policy makers that the industry cannot solve this problem on its own and that regulatory action has to be taken.

MANRS – the “Mutually Agreed Norms for Routing Security” document and effort we launched a few months ago – can help here. It contains recommendations that are optimized for low costs and low risk. And it demonstrates a growing group of network operators that are concerned and are willing to take action.

If MANRS recommendations are already implemented in your network – please sign up to give support to this effort and encourage others.

If your network is not already implementing these measures, now is the time to start. By implementing them you will be moving not only your network but the Internet as a whole to a model where one of the Internet¹s core components – its global routing infrastructure – is more secure, resilient, and less prone to abuse. The impacts will be felt on your network as well as others.

Caring collaboratively for our shared resource is the only safe way forward.

Improving Technical Security Open Internet Standards

Routing Resilience at LACNIC21

As we mentioned recently, I had the opportunity to attend the LACNIC 21 meeting in Cancún, Mexico, earlier this month. I’m grateful to the organisers of the LACNOG session for giving me the opportunity to present an update on some Internet Society projects that are underway relating to the resilience and security of the Internet routing system. I was also able to distribute our new infographic on “Collaboration for a secure and resilient Internet” and judging by the speed with which attendees snapped them up from the Internet Society table, I should have brought more!

This was my first time at a LACNIC meeting and it was encouraging to see a lot of representation from the regional networking industry all actively debating the interesting presentations at the mics in the sessions I was able to attend. In my presentation (embedded below) I talked about the Routing Resilience Survey that we launched last November to collect incident data related to routing resilience from an operator’s point of view. This approach allows us not only to filter out false positives – for instance, legitimate configuration changes – but also to record the impact and the severity of the incident.

You can read more about the survey launch, and the initial survey results in “Initial Routing Resilience Survey Results Show At Least 10% Of Incidents Are Real Threats.”

I was also able to briefly introduce the Routing Resilience Manifesto which is a new initiative you’ll be hearing a lot more about in the coming months. So watch this space!

ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience from Internet Technology Matters (Internet Society)