[Olsr-users] Rogue gateways [was: Sticky gateway]
Wed Jan 28 19:33:43 CET 2009
> Another thing I want to drop in here: I believe when we have gateway
> selection we should also consider more security.
> We are sometimes seeing misconfigured HNA 0/0 gateways. The freifunk
> firmware gets rid of those by a trick, but by default OLSRd would not.
> That is just an example of a security problem that needs to be
> The bigger the mesh networks become (and olsrd scales pretty nicely
> now for some time CPUwise) the more we will be running into security
> Any *good* papers recently on that topic which are worth a look at?
> (emphasis is on good)
Not to my knowledge.
There's a lot of litterature on securing routing protocols. The approaches
I'm familiar with include:
- manually filtering rogue routes in protocoles that allow manual
filtering (Google for ``bogons list'');
- securing neighbour associations (the BGP ``hop count'' hack, BGP MD5,
- using a PKI to secure route announcements (sBGP);
- using a lightweight cryptographic hash to secure router identity
(references somewhere in my notes).
Obviously, what we'd want for mesh networks is a way to intrinsically
secure routing information, independent of a PKI. Some work on that has
been done with SEND (RFC 3971), but it doesn't directly apply to mesh
More information about the Olsr-users