Hi Ronald, > It now seems certain to me that the absence of anything even remotely > approximating proper validation of RIPE route objects is not, in fact, > a problem which is limited to just inter-RiR situations. Apparently, > RIPE member LIRs can just as easily hijack the IP blocks of other > RIPE members as they can in the case of IP blocks belonging to parties > in other regions.
I don't think so... To be able to create the route object route: 188.229.1.0/24 descr: Netserv-Client origin: AS43890 mnt-by: NETSERV-MNT source: RIPE Authorisation from both the address block inetnum: 188.229.0.0 - 188.229.63.255 netname: LTE-4G descr: new service for data country: IR admin-c: RL7844-RIPE tech-c: RL7844-RIPE status: ASSIGNED PA mnt-by: MCCI-MNT source: RIPE and the AS number aut-num: AS43890 as-name: NETSERV-AS descr: Netserv Consult SRL [...] org: ORG-SNCS6-RIPE status: ASSIGNED mnt-by: NETSERV-MNT mnt-by: RIPE-NCC-END-MNT mnt-routes: NETSERV-MNT source: RIPE is required. So the route cannot be created unless MCCI-MNT and NETSERV-MNT both authorise it. I understand that the route objects look a little weird, but what makes you think that it is an authorisation problem in the RIPE DB that made it possible for someone to create them? Cheers, Sander
