Re: attribution

I’m using CAIDA’s bgpreader and this one looks like it might be an example of what you want. R|R|1586714402.00|routeviews|route-views.eqix|||2914|206.126.236.12|103.148.41.0/24|206.126.236.12|2914 58717 134371 134371 134371 134371 140076 140076 140076 140076 140076 140076 140076 140076

Re: Tell me about AS19111

> On Feb 6, 2020, at 2:38 PM, b...@theworld.com wrote: > > > It would likely be a lot better than "someone on NANOG noticed a > discrepancy let's shout at each other about it for a few days." Did I miss something? I thought the discrepancy being pointed out was that resources that were

Re: User Unknown (WAS: really amazon?)

Scott, you might want to read "Policy Development Process (PDP)” https://www.arin.net/participate/policy/pdp/ in order to discover just exactly what John means by “If the community developed a policy”. You might also want to join the Public Policy Mailing List, arin-p...@arin.net, to discuss.

Re: CloudFlare issues?

Martijn - i3D.net is not in the list Job posted yesterday of RPKI ROV deployment. Your message below hints that you may be using RPKI. Are you doing ROV? (You may be in the “hundreds of others” category.) —Sandy Begin forwarded message: From: Job Snijders Subject: Re: CloudFlare issues?

Re: Spamming of NANOG list members

So sheer coincidence. Literally. —Sandy > On May 23, 2019, at 7:07 PM, Niels Bakker wrote: > > * sa...@tislabs.com (Sandra Murphy) [Fri 24 May 2019, 00:28 CEST]: >> And it arrived oddly coincident with my visit to the cvent registration >> page. Any others who

Re: Spamming of NANOG list members

Mine came 21 May. It was a .doc. Sent from charter.net, with the user portion of the sender very similar to a nanog contributor. And it arrived oddly coincident with my visit to the cvent registration page. Any others who had that coincidence? —Sandy > On May 23, 2019, at 5:39 PM,

Re: question to the current NANOG keynote speaker (Paul Barford) re: availability of data in PREDICT

, 2018, at 2:04 PM, Sandra Murphy wrote: >>> >>> DHS had a program called PREDICT that made information important for >>> security research available. >>> >>> The follow on is called IMPACT. https://www.impactcybertrust.org >>> >>&

Re: question to the current NANOG keynote speaker (Paul Barford) re: availability of data in PREDICT

Thank you thank you thank you for the person who saw my question and relayed at the mike! —Sandy > On Oct 1, 2018, at 2:04 PM, Sandra Murphy wrote: > > DHS had a program called PREDICT that made information important for security > research available. > > The follow o

question to the current NANOG keynote speaker (Paul Barford) re: availability of data in PREDICT

DHS had a program called PREDICT that made information important for security research available. The follow on is called IMPACT. https://www.impactcybertrust.org The key note speaker said his data was available under PREDICT, perhaps he meant IMPACT. Internet Atlas does show up on the

Re: videos from NANOG73?

Apologies. I fell victim to autocomplete. I did not mean that query to go to the whole list. I’ve forwarded appropriately. —Sandy > On Jul 5, 2018, at 11:11 AM, Sandra Murphy wrote: > > The agenda for NANOG73 is still on the cevent site. The links for slides al

videos from NANOG73?

The agenda for NANOG73 is still on the cevent site. The links for slides all seem to be there, which is good. But only the sessions on Monday morning have links for the videos. I hope that’s not due to a taping failure. I looked in the archive, and the presentations from NANOG73 aren’t

Fwd: [cooperation-wg] Massive IP blockings in Russia

Of possible interest to this group. Forwarding at Alexander’s suggestion, who says he has already shared info in the NANOG facebook group "(with updated prefixlist)". —Sandy > Begin forwarded message: > > From: Alexander Isavnin > Subject: [cooperation-wg] Massive IP

Re: hijacking of 128.255.192.0/22

You are pointing out that 138.255.192.0/22 is the likely cause of the hijack of 128.255.192.0/22, right? (No need to be privately told - that’s straight from the LACNIC Whois) —Sandy > On Mar 20, 2018, at 3:40 PM, Alejandro Acosta > wrote: > > Hello, > >

Re: BGP hijack: 64.68.207.0/24 from as133955

ore S.r.l.) is authorized to originate 69.172.96.0/19. But the aggregate prefix is not being announced. If the AS133955 origination is valid, they really ought to update their ROA. Hm. I am curious about that prefix. Is it being hijacked? Or am I just reading everything wrong? —Sandy > On Oct

Re: BGP hijack: 64.68.207.0/24 from as133955

> On Oct 4, 2017, at 11:29 AM, Theodore Baschak wrote: > > I noticed when I looked into both of these leaks 3 hours after Clinton's > message yesterday that I couldn't see them in any of the looking glasses I > was looking in (including the NLNOG looking glass) > >

Re: Getting an RADB entry removed that was added by a previous peer

Job should also have pointed to http://irrexplorer.nlnog.net (notes "Created by Job Snijders"). It notes multiple route objects (e.g., http://irrexplorer.nlnog.net/search/129.77.0.0/16). IMHO, worth a look or two from time to time for one’s own resources. —Sandy > On Sep 13, 2017, at 7:10

Re: "Defensive" BGP hijacking?

> On Sep 13, 2016, at 8:08 PM, Ca By wrote: > > On Tuesday, September 13, 2016, Doug Montgomery > wrote: > >> If only there were a global system, with consistent and verifiable security >> properties, to permit address holders to declare the set of

Re: Prefix hijacking by AS20115

On Sep 28, 2015, at 11:59 PM, Bob Evans wrote: > > Would be nice if our membership organization ARIN ( that we all pay to > keep us somewhat organized) had an ability to do something for you I > never looked into it...i don't knowmaybe it does ? > No one

Re: Note - ARIN Consultation on proposed Registration Services Agreement Now Open

There’s been no comment on this announcement on this list, but there were a small handful of NANOGers who energetically discussed this on the arin-consult list starting mid-August. On the last day of the comment period (so you might have missed it), a detailed comment was submitted, which

Re: Route leak in Bangladesh

On Jun 30, 2015, at 10:39 AM, Justin M. Streiner strei...@cluebyfour.org wrote: On Tue, 30 Jun 2015, Matsuzaki Yoshinobu wrote: Randy Bush ra...@psg.com wrote A friend in AS58587 confirmed that this was caused by a configuration error - it seems like related to redistribution, and they

Re: Route leak in Bangladesh

On Jun 30, 2015, at 9:41 AM, Job Snijders j...@instituut.net wrote: In addition to the BGP community scheme, outbound as-path filters could help. Most network's list of transit providers is fairly static, it would be easiy with as-path filters to prevent announcing upstream routes to other

Re: Routing Insecurity (Re: BGP in the Washington Post)

On Jun 10, 2015, at 7:51 AM, Russ White ru...@riw.us wrote: I'm not saying BGPSEC a bad solution for the questions asked -- I'm saying it's is too heavyweight given the tradeoffs, and that we probably started with the wrong questions in the first place. What's needed is to spend some

Re: Routing Insecurity (Re: BGP in the Washington Post)

There have been suggestions that a key-per-AS is easier to manage than a key-per-router, like in provisioning. Key-per-router was brought up as providing the means to excise one misbehaving router that is in some risky sort of environment, which is a different management pain. In terms of

Re: ARIN's RPKI Relying agreement

On Dec 4, 2014, at 12:39 PM, John Curran jcur...@arin.net wrote: On Dec 4, 2014, at 11:35 AM, Christopher Morrow morrowc.li...@gmail.com wrote: Note that the claims that could ensue from an operator failing to follow best practices and then third-parties suffering an major operational

Re: BGP Security Research Question

On Nov 4, 2014, at 8:00 AM, Nick Hilliard n...@foobar.org wrote: On 04/11/2014 12:38, sth...@nethelp.no wrote: These mechanisms do little or nothing to protect against unauthorized origination of routing information. There are plenty of examples which say it has *not* been enough, see for

Re: BGP Security Research Question

On Nov 4, 2014, at 8:45 AM, Yuri Slobodyanyuk y...@yurisk.info wrote: Let me disagree - Pakistan Youtube was possible only because their uplink provider did NOT implement inbound route filters . As always the weakest link is human factor - and no super-duper newest technology is ever to help

Re: ARIN / RIR Pragmatism (WAS: Re: RADB)

Other RIR based RIRs have the same ability to protect prefixes in their realm of control. (See RFC 2725 RPSS)(*) (I think that APNIC is doing pretty much as RIPE is.) Even RIPE is not secure for prefixes outside their region. (There's one maintainer that anyone can use to register anything

Re: ARIN / RIR Pragmatism (WAS: Re: RADB)

IRR usage, training, tools, and better hygiene, perhaps expressly validated from resource certification from either RPKI You might be interested in the draft-ietf-sidr-rpsl-sig-05.txt, which suggests using RPKI to protect RPSL objects. That would help solve the trust problem in the current

Re: Why is .gov only for US government agencies?

On Oct 21, 2014, at 11:08 AM, David Conrad d...@virtualized.org wrote: On Oct 20, 2014, at 10:18 PM, Barry Shein b...@world.std.com wrote: Not that anyone is looking for a solution but I suppose one possible solution would be to use the two-letter cctld then gov like parliament.uk.gov or

Re: Why is .gov only for US government agencies?

By the time of RFC1591, March 1994, authored by Jon Postel, said: GOV - This domain was originally intended for any kind of government office or agency. More recently a decision was taken to register only agencies of the US Federal government in this domain. No

Re: Prefix hijacking, how to prevent and fix currently

On Aug 29, 2014, at 6:08 AM, Job Snijders j...@instituut.net wrote: On Fri, Aug 29, 2014 at 06:39:32PM +0900, Randy Bush wrote: Loose mode would drop failing routes, iff there is covering (i.e. less specific is ok) route already in RIB. isn't that exactly the hole punching attack? No, as