Hi,
(please see inline)
On Fri, 1 Nov 2019, Gert Doering wrote:
Hi,
On Fri, Nov 01, 2019 at 07:09:42AM +0100, Job Snijders wrote:
So we really have to wonder whether this is worth it, or whether a few
emails or phone calls can also solve the issue.
Isn't that the whole question underlying RPKI deployment?
What is it that we want to stop with RPKI? Only classic "prefix hijacking"
(announcing space that is formally delegated somewhere)
With RPKI alone, mistakes.
But when in doubt if network X has rights over network Y, it's rather
simple to ask network X to create a proper ROA for network Y.
If that *doesn't* happen, maybe some conclusions can be drawn.
(there is a recent thread on the NANOG list where someone raised that
"feature"...)
or other misuses
of BGP, like "announce unallocated space, use that for spamming or other
sorts of network attacks, withdraw announcement before people can track
things back to you".
From *one* computer security emergency response team's angle:
RPKI is a good first step. Then, hopefully, ASPA can be added at some
point.
Playing the quick withdraw game will only work (and it is working, I
suspect!) until people start understanding they need to log who announces
what to them (24/7/365).
Speaking about "network attacks" -- there is a lot of focus on the
address space being hijacked, while major focus should be on those who
receive the announcements. While it's terrible for the people/networks
being impersonated, the potential targets are really everyone...
PS: I wish to express support for 2019-08 in its current form.
Cheers,
Carlos
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279