On Mon, Nov 17, 2014 at 09:46:33AM +0100, Gert Doering wrote:
> > Also, RIPE-resident hijackers can just as easily place validating
> > route objects for these hijacked RIPE-issued IP blocks into the RIPE
> > DB as they can for any other hijacked blocks taken from any other
> > region(s).
>
> No... the RIPE DB prevents route: objects for RIPE (NCC-issued) networks
> by checking the maintainer authentication for inetnum: and aut-num: - so
> unless the address holder is careless ("pick a 5 character easily guessable
> password" or "reference a well-known maintainer") it is much harder to do,
> if not impossible.
>
> Now, I hear what you're saying and I look at 188.229.1.0/24 and wonder
> what has happened, and why "whois --list-versions" isn't showing me the
> update/creation history for the /24 route...
You need to query as following to retrieve the history of route objects:
$ whois -h whois.ripe.net -- '--list-versions 188.229.1.0/24AS43890'
> Now, looking at the route:
>
> route: 188.229.1.0/24
> descr: Netserv-Client
> origin: AS43890
> mnt-by: NETSERV-MNT
> changed: [email protected] 20130820
> source: RIPE
>
> ... it claims to have been created in the time between (changed: is not
> authoritative, but in this case looks plausible).
The history lists: "1 2014-05-12 18:23 ADD/UPD"
Kind regards,
Job
