On Mon, Nov 17, 2014 at 09:46:33AM +0100, Gert Doering wrote:
Also, RIPE-resident hijackers can just as easily place validating route objects for these hijacked RIPE-issued IP blocks into the RIPE DB as they can for any other hijacked blocks taken from any other region(s).
No... the RIPE DB prevents route: objects for RIPE (NCC-issued) networks by checking the maintainer authentication for inetnum: and aut-num: - so unless the address holder is careless ("pick a 5 character easily guessable password" or "reference a well-known maintainer") it is much harder to do, if not impossible.
Now, I hear what you're saying and I look at 188.229.1.0/24 and wonder what has happened, and why "whois --list-versions" isn't showing me the update/creation history for the /24 route...
You need to query as follows to retrieve the history of route objects:

$ whois -h whois.ripe.net -- '--list-versions 188.229.1.0/24AS43890'
Now, looking at the route:
route: 188.229.1.0/24
descr: Netserv-Client
origin: AS43890
mnt-by: NETSERV-MNT
changed: ripe@netserv.ro.REMOVE 20130820
source: RIPE
... it claims to have been created in the time between (changed: is not authoritative, but in this case looks plausible).
The history lists: "1 2014-05-12 18:23 ADD/UPD"

Kind regards,

Job
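
The comparison made in this thread, as an added example that is not part of the original mail: it builds the prefix-plus-origin key used in the --list-versions query and flags a changed: date that predates the first revision in the history. The function names are hypothetical, and the sample input is constructed from the object and the single history line quoted above.

```python
import re
from datetime import datetime

# Constructed sample input: the route object and the one history line quoted in the thread.
ROUTE_OBJECT = """\
route: 188.229.1.0/24
descr: Netserv-Client
origin: AS43890
mnt-by: NETSERV-MNT
changed: ripe@netserv.ro.REMOVE 20130820
source: RIPE
"""
HISTORY_OUTPUT = "1 2014-05-12 18:23 ADD/UPD\n"

def parse_rpsl(text):
    """Return {attribute: [values]} for a single RPSL object."""
    obj = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(("%", "#")):
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        obj.setdefault(key.strip().lower(), []).append(value.strip())
    return obj

def history_key(obj):
    """Key for the history query: prefix and origin AS, concatenated."""
    return obj["route"][0] + obj["origin"][0].upper()

def claimed_dates(obj):
    """Dates asserted in changed: attributes (self-declared, not authoritative)."""
    found = (re.search(r"\b(\d{8})\b", v) for v in obj.get("changed", []))
    return [datetime.strptime(m.group(1), "%Y%m%d").date() for m in found if m]

def first_revision(history_text):
    """Earliest date among 'rev date time op' lines of the history listing."""
    pattern = r"^\s*\d+\s+(\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+\S+"
    dates = [datetime.strptime(m.group(1), "%Y-%m-%d").date()
             for m in re.finditer(pattern, history_text, re.M)]
    return min(dates) if dates else None

def check(obj, history_text):
    """Report changed: dates earlier than the first revision the database lists."""
    first = first_revision(history_text)
    early = [d for d in claimed_dates(obj) if first and d < first]
    return {"query": history_key(obj), "first_revision": first,
            "changed_before_history": early}

if __name__ == "__main__":
    print(check(parse_rpsl(ROUTE_OBJECT), HISTORY_OUTPUT))
```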