Verizon FIOS does NOT provide important network security known as BGP
glnzglnz
Contributor - Level 3

  

I sent this email to the Verizon Executive Escalation Team today.  You might also try to contact Vz about this:

Dear Vz Executive Escalation team – I am a big fan of Verizon FIOS, have just renewed and have recommended FIOS to friends and family. On occasion, your exec. escalation team has helped very nicely with minor problems.

However, per today’s article in Ars Technica, Verizon as ISP is NOT providing an important network-wide type of security known as BGP, for Border Gateway Protocol. As a result, huge amounts of internet traffic – your internet traffic -- have been diverted through Chinese and Russian servers.

The details are at this article on Ars Technica: https://arstechnica.com/information-technology/2020/04/new-cloudflare-tool-can-tell-you-if-your-isp-... 

I have confirmed that Verizon does NOT provide this type security by trying cloudflare's BGP check, at this page: https://isbgpsafeyet.com/ 

The results for me are these, both at home and at work (as my company uses Verizon Business FIOS):

FAILURE
Your ISP (Verizon, AS701) does not implement BGP safely. It should be using RPKI to protect the Internet from BGP hijacks.
Details
fetch https://valid.rpki.cloudflare.com
correctly accepted valid prefixes
fetch https://invalid.rpki.cloudflare.com
incorrectly accepted invalid prefixes

That cloudflare site, https://isbgpsafeyet.com/ , explains the protection if you scroll down the page.

Please advise when Verizon will correctly implement this type of security.

Thanks.

  

Tags (3)
1 Solution

Correct answers
Re: Verizon FIOS does NOT provide important network security known as BGP
jonjones1
Legend

as was pointed out to you here:

https://www.dslreports.com/forum/r32727898-Vz-FIOS-does-NOT-provide-important-network-security-for-B...

there is no need to contact verizon and this is much to do about nothing.

View solution in original post

Re: Verizon FIOS does NOT provide important network security known as BGP
AnDirTeM
Enthusiast - Level 1

Thanks for posting this! I came to the Verizon site today because tested my FiOS connection on https://isbgpsafeyet.com/ and discovered that Verizon is behind the times on BGP security.

I rely on Verizon to deliver fast, secure internet. Verizon should implement RPKI to guard against malicious BGP mis-routing. 

RPKI seems to be similar to SHAKEN and STIR, the protocols that telcos have to implement to avoid Robocalls. RPKI, SHAKEN and STIR are all about the ISP/Telco confirming they know who they're talking to. It's about preventing spam, It's about preventing hacking.

These technologies have been around for years, but Verizon is still sitting on their hands. Please secure the network!

Re: Verizon FIOS does NOT provide important network security known as BGP
glnzglnz
Contributor - Level 3

The important thing is to contact Verizon about this.  They need to be shamed into fixing this.

Re: Verizon FIOS does NOT provide important network security known as BGP
milhans1
Enthusiast - Level 3

Thank you for posting this alarming security hole in Verizon’s network.  I don’t think I have many choices.  I have a choice for Verizon FiOS or Comcast internet from the telephone pole outside my house.  It seems that Comcast also has the same issue with BGP.

0 Likes
Re: Verizon FIOS does NOT provide important network security known as BGP
jonjones1
Legend

as was pointed out to you here:

https://www.dslreports.com/forum/r32727898-Vz-FIOS-does-NOT-provide-important-network-security-for-B...

there is no need to contact verizon and this is much to do about nothing.

Border Gateway Protocal
drunner26_2
Newbie

https://isbgpsafeyet.com/ 

Your ISP failed the test.  FIX!

0 Likes
Re: Border Gateway Protocal
gs0b
Community Leader
Community Leader

1) You're talking to other users here, not Verizon.

2) Network engineers say this is a non issue.  Do some research.

If you want to get upset at Verizon about network issues, demand IPv6.