Hi, (please see inline) On Fri, 1 Nov 2019, Gert Doering wrote:
Hi,
On Fri, Nov 01, 2019 at 07:09:42AM +0100, Job Snijders wrote:
So we really have to wonder whether this is worth it, or whether a few emails or phone calls can also solve the issue.
Isn't that the whole question underlying RPKI deployment?
What is it that we want to stop with RPKI? Only classic "prefix hijacking" (announcing space that is formally delegated somewhere)
With RPKI alone, mistakes. But when in doubt if network X has rights over network Y, it's rather simple to ask network X to create a proper ROA for network Y. If that *doesn't* happen, maybe some conclusions can be drawn. (there is a recent thread on the NANOG list where someone raised that "feature"...)
or other misuses of BGP, like "announce unallocated space, use that for spamming or other sorts of network attacks, withdraw announcement before people can track things back to you".
From *one* computer security emergency response team's angle: RPKI is a good first step. Then, hopefully, ASPA can be added at some point.
Playing the quick withdraw game will only work (and it is working, i suspect!) until people start understanding they need to log who announces what to them (24/7/365). Speaking about "network attacks" -- there is a lot of focus about the address space being hijacked, while major focus should be on those who receive the announcements. While it's terrible for the people/networks being impersonating, the potential targets are really everyone... ps: i wish to express support for 2019-08 in its current form. Cheers, Carlos
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279