AS8003 and U.S. Department of Defense routing
Greetings friends,

I thought that you all might like to be aware of this:

https://apnews.com/article/technology-business-government-and-politics-b26ab...

Regards,
rfg
Ronald,

Interesting, thanks. I've also been reading Geoff Huston on this, albeit with a different focus to the AP article.

https://labs.apnic.net/?p=1431

Brian

Brian Nisbet (he/him)
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nisbet@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270

________________________________
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Ronald F. Guilmette <rfg@tristatelogic.com>
Sent: Sunday 25 April 2021 10:26
To: routing-wg@ripe.net <routing-wg@ripe.net>; anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: [anti-abuse-wg] AS8003 and U.S. Department of Defense routing
interesting wg to do routing security analysis.

as i do really not know the dod's or their proxy's motive(s), i can not say much about their tactics let alone strategy.

i do know, and have actually seen and experienced, part of 11/8 being used as if it was 1918 space; ripe bologna was the first time. and the food in that town was fantastic!

a /8 telescope would pick up leakage patterns as well as the current shotgun blast of announcements (i presume folk have looked at the actual announcements). i would naïvely think that the /8 might be slightly more easily analyzed than the pieces.

maybe, as the telescope analysis shows focused leaks, they are trying to disrupt those focused uses with these focused announcements. but, if an op is using 11.12.666.0/23 internally, would they be careless enough to accept an exogenous announcement of that space? i guess i should not underestimate carelessness.

is some random (small, i hope) isp using my address space internally as 1918 equivalent abusive, beyond their customers maybe not be able to reach my network? if so, maybe the vigilantes are looking in the wrong direction.

randy

---
randy@psg.com
`gpg --locate-external-keys --auto-key-locate wkd randy@psg.com`
signatures are back, thanks to dmarc header butchery
Randy,

Ah, I don't know how that happened, but Ronald X-posted to Routing and I managed not to. Don't worry, we're not trying to steal their family jewels. 🙂

Brian

________________________________
From: Randy Bush <randy@psg.com>
Sent: Tuesday 27 April 2021 16:22
To: Brian Nisbet <brian.nisbet@heanet.ie>
Cc: Anti Abuse WG <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] AS8003 and U.S. Department of Defense routing
In message <m2v987eorb.wl-randy@psg.com>, Randy Bush <randy@psg.com> wrote:

> interesting wg to do routing security analysis.

To be 100% clear, it was not my intention that anyone here should attempt to engage in any sort of "security analysis" with respect to the current rather inexplicable routing for much DoD IPv4 address space. I just posted here because, as I said, I felt some folks here might find the information interesting.

> as i do really not know the dod's or their proxy's motive(s), i can not say much about their tactics let alone strategy.

Neither do I. Nor do I even much care. It's their space. They can do whatever the hell they want with it. The only reason that any of this is even interesting is because it all is really rather bizarre. Why did they even need to bother with a goofy shell company? It's silly, really, and it didn't actually hide anything.

> is some random (small, i hope) isp using my address space internally as 1918 equivalent abusive, beyond their customers maybe not be able to reach my network? if so, maybe the vigilantes are looking in the wrong direction.

Which "vigilantes" would those be, exactly?

Regards,
rfg
[ brian lured me into the abuse circle; so reposting with routing ]

interesting wg to do routing security analysis.

as i do really not know the dod's or their proxy's motive(s), i can not say much about their tactics let alone strategy.

i do know, and have actually seen and experienced, part of 11/8 being used as if it was 1918 space; ripe bologna was the first time. and the food in that town was fantastic!

a /8 telescope would pick up leakage patterns as well as the current shotgun blast of announcements (i presume folk have looked at the actual announcements). i would naïvely think that the /8 might be slightly more easily analyzed than the pieces.

maybe, as the telescope analysis shows focused leaks, they are trying to disrupt those focused uses with these focused announcements. but, if an op is using 11.12.666.0/23 internally, would they be careless enough to accept an exogenous announcement of that space? i guess i should not underestimate carelessness.

is some random (small, i hope) isp using my address space internally as 1918 equivalent abusive, beyond their customers maybe not be able to reach my network? if so, maybe the vigilantes are looking in the wrong direction.

randy

---
randy@psg.com
`gpg --locate-external-keys --auto-key-locate wkd randy@psg.com`
signatures are back, thanks to dmarc header butchery
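An added example, not part of any message in this thread: a small audit an operator could run to answer the question raised above, namely whether address space used internally "as if it was 1918 space" collides with routes learned from outside. The prefixes, the AS 64500 origin and the function names are constructed for illustration; only RFC 1918 ranges are treated as legitimately private.

```python
import ipaddress

# RFC 1918 ranges: the only space this check treats as safe for internal-only use.
RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net):
    return any(net.subnet_of(r) for r in RFC1918)


def find_squat_conflicts(internal_prefixes, learned_routes):
    """Return (internal, learned, origin_as, relation) for every internal
    non-RFC1918 prefix that overlaps an externally learned route."""
    conflicts = []
    for raw in internal_prefixes:
        inside = ipaddress.ip_network(raw)
        if is_rfc1918(inside):
            continue
        for prefix, origin_as in learned_routes:
            outside = ipaddress.ip_network(prefix)
            if not inside.overlaps(outside):
                continue
            if outside.prefixlen > inside.prefixlen:
                # Longest-prefix match prefers the external route for part
                # of the internal range unless it is filtered on import.
                relation = "more-specific"
            elif outside.prefixlen == inside.prefixlen:
                relation = "exact"
            else:
                # External aggregate only attracts traffic for addresses
                # with no internal route of their own.
                relation = "covering"
            conflicts.append((str(inside), str(outside), origin_as, relation))
    return conflicts


# Constructed sample data: internal address plan and routes learned via BGP.
INTERNAL = ["10.20.0.0/16", "11.12.0.0/16", "11.200.0.0/24"]
LEARNED = [("11.0.0.0/8", 8003), ("11.12.128.0/17", 8003),
           ("192.0.2.0/24", 64500)]

if __name__ == "__main__":
    for row in find_squat_conflicts(INTERNAL, LEARNED):
        print(row)
```

Any "more-specific" or "exact" row marks a prefix where an import filter for the squatted range is needed until the internal network is renumbered.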
participants (3)
- Brian Nisbet
- Randy Bush
- Ronald F. Guilmette