[Olsr-users] Rogue gateways [was: Sticky gateway]
Juliusz Chroboczek
Wed Jan 28 19:33:43 CET 2009
> Another thing I want to drop in here: I believe when we have gateway
> selection we should also consider more security.
> We are sometimes seeing misconfigured HNA 0/0 gateways. The freifunk
> firmware gets rid of those by a trick, but by default OLSRd would not.
> That is just an example of a security problem that needs to be
> addressed.
> The bigger the mesh networks become (and olsrd scales pretty nicely
> now for some time CPUwise) the more we will be running into security
> problems.
> Any *good* papers recently on that topic which are worth a look at?
> (emphasis is on good)
Not to my knowledge.
There's a lot of literature on securing routing protocols. The approaches
I'm familiar with include:
- manually filtering rogue routes in protocols that allow manual
filtering (Google for ``bogons list'');
- securing neighbour associations (the BGP ``hop count'' hack, BGP MD5,
OSPF security);
- using a PKI to secure route announcements (sBGP);
- using a lightweight cryptographic hash to secure router identity
(references somewhere in my notes).
Obviously, what we'd want for mesh networks is a way to intrinsically
secure routing information, independent of a PKI. Some work on that has
been done with SEND (RFC 3971), but it doesn't directly apply to mesh
networks.
Juliusz
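The manual-filtering approach from the list above, applied to the misconfigured HNA 0/0 case raised in the quoted text, as an added example that is not part of the original message and is not olsrd or Freifunk code. The bogon entries, the trusted-gateway address and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample bogon list (a few special-purpose IPv4 blocks);
# a deployment would load a maintained list instead.
BOGONS = [ipaddress.IPv4Network(p) for p in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "192.0.2.0/24", "224.0.0.0/4", "240.0.0.0/4",
)]
# Hypothetical policy: only these originators may announce a default route.
TRUSTED_GATEWAYS = {ipaddress.IPv4Address("10.0.0.1")}
DEFAULT_ROUTE = ipaddress.IPv4Network("0.0.0.0/0")


def check_announcement(originator, prefix):
    """Return (accepted, reason) for one announced (originator, prefix) pair.

    The originator field is unauthenticated, so this catches
    misconfiguration, not a node that lies about its identity.
    """
    try:
        orig = ipaddress.IPv4Address(originator)
        # strict=True rejects prefixes with host bits set, e.g. 10.1.2.3/24
        net = ipaddress.IPv4Network(prefix, strict=True)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    # The default route overlaps every bogon, so handle it first.
    if net == DEFAULT_ROUTE:
        if orig in TRUSTED_GATEWAYS:
            return True, "default route from trusted gateway"
        return False, "default route from untrusted originator"
    # Reject bogons and any wider prefix that would cover one.
    for bogon in BOGONS:
        if net.overlaps(bogon):
            return False, f"overlaps bogon {bogon}"
    return True, "ok"


def filter_announcements(announcements):
    """Keep only the (originator, prefix) pairs that pass the policy."""
    return [a for a in announcements if check_announcement(*a)[0]]


if __name__ == "__main__":
    # Constructed sample announcements.
    sample = [("10.0.0.1", "0.0.0.0/0"), ("10.0.5.7", "0.0.0.0/0"),
              ("10.0.5.7", "10.0.5.0/24"), ("10.0.9.9", "192.0.2.0/24")]
    for orig, pfx in sample:
        print(orig, pfx, check_announcement(orig, pfx))
```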