On Mar 9, 2014, at 23:52, Sanjeev Gupta <[email protected]> wrote:

> 
> On Wed, Mar 5, 2014 at 5:19 PM, Owen DeLong <[email protected]> wrote:
> 
>> And any person deciding to announce 1.2.3.0/24 to the open network, would 
>> have to face a massive traffic storm anyway.  prop-109 by Geoff Huston 
>> mentions the traffic flowing to certain easily-remembered ranges.  Assuming 
>> that 1.2.3.0/24 gets even 50Mbps of traffic if I announce it to the 
>> Internet, that is still an expensive pipe, and probably not worth it on 
>> the off-chance that a random user will use it and allow "evil me" to 
>> redirect him to the particular bank that he is a member of, and which I am 
>> forging a website for.
>> 
> Never underestimate the willingness of a malefactor to subject hosts he 
> controls (but probably doesn't own) or even hosts he doesn't necessarily 
> control to vast quantities of traffic.
> 
> Owen,
> 
> Can you give me an example of what would be the scenario here?  Assuming I am 
> the upstream ISP of the "hosts I control, willing to subject them to vast 
> quantities of traffic".  Would I announce 1.2.3.0/24 upstream, and point it 
> to my customer's link?

I'm not assuming that the upstream ISP would be the malefactor. That is, in 
fact, a rather odd assumption, is it not?

OTOH, if you are a malefactor that wants to turn your botnet into anycasted DNS 
servers to issue incorrect redirections to others, getting said botnet (or its 
upstream routers if you are able to control them somehow) to announce 
1.2.3.0/24 really doesn't pose any problem to you as a result of the traffic it 
generates.

> Or would I announce 1.2.3.0/24 from another ISP's origin AS?  

Not sure how that would work or help other than in an attempt to cover your 
tracks.

> How would (evil me) be able to hurt hosts other than on _my_ network?

You are assuming that you are doing this with routers you own (in the 
commercial sense of the word). I am assuming someone doing this with routers 
that they control (in the enable access sense of the word) but do not own (in 
the commercial sense of the word).

Malefactors these days are rather well known for using other people's equipment 
to carry out their misdeeds, or are you unfamiliar with the term "botnet"?

> I am not doubting that people would not want to misuse this, but how would 
> this work in the case you have outlined?

I hope I have adequately clarified.

Owen

*              sig-policy:  APNIC SIG on resource management policy           *
_______________________________________________
sig-policy mailing list
[email protected]
http://mailman.apnic.net/mailman/listinfo/sig-policy
