However, reading the paper, the "AR" (allocated+routed) traffic they received, 35% or so, covered traffic which theoretically should have been routed more specifically but their covering prefix effectively captured instead.
I.e., oops. One can presume that this traffic that showed at least mid-stream sessions (and not SYNs) was for prefixes where "upstreams" had a more-specific route that hadn't propagated down to Merit's direct upstreams, for some reason. 88% of the total traffic (if I read it right) was SYN (12%) or SYNACK (76%) in the 3-month dataset, mostly on ports 80 and 443. I.e., valid destination webserver trying to establish the handshake unable to find a route back to a (theoretically properly allocated and routed) source. At the very least this raises a question as to whether it's wise to allow such experiments, where a significant amount of apparently valid traffic (allocated, and for which routing info was identified in further research) gets effectively MITMed as it flows. That may not have been the intention; the theory that "oh, more specific will just override our research announcement" is colorable. But the actual data shows the assumptions fails; they did intercept a lot of legit (or apparently legit) traffic. Hence, oops, and perhaps we should not let this happen again. On Fri, Mar 28, 2014 at 10:05 AM, David Farmer <[email protected]> wrote: > On 3/28/14, 11:57 , Bill Buhler wrote: > >> So if my understanding is correct, they basically performed a routing >> man in the middle attack on live IPv6 prefixes. Pardon my understanding >> level, but how did they keep from creating routing loops and service >> interruptions. I'm also a little concerned about performance and link >> loads. Are my concerns legitimate and inline? >> >> Thanks, >> >> --Bill >> > > This absolutely WAS NOT an attack. They announced a covering prefix, only > traffic with no more specific route would follow this route. Think more > specific default route. > > > > -- > ================================================ > David Farmer Email: [email protected] > Office of Information Technology > University of Minnesota > 2218 University Ave SE Phone: 1-612-626-0815 > Minneapolis, MN 55414-3029 Cell: 1-612-812-9952 > ================================================ > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List ([email protected]). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-ppml > Please contact [email protected] if you experience any issues. > -- -george william herbert [email protected]
_______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
