Sandra Murphy wrote:
On Tue, Aug 14, 2018 at 07:58:00PM +0000, nusenu wrote:
I'm currently estimating how "vulnerable" certain IP addresses are to BGP hijacking.
To do that, I put them into different categories (multiple can apply):
a) RPKI validity state is "NotFound" (no ROA) and IP located in a prefix shorter than /24 (IPv4) or /48 (IPv6)
b) Valid ROA but weak maxlength
c) Valid ROA with proper maxlength
Are “weak” and “proper” defined in terms of presence or absence in the global routing update database?
I probably should have used the same wording as the related Internet-Draft uses:
weak: a "loose ROA"
proper: a "minimal ROA"
as described in: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpkimaxlen
You say ‘estimating how “vulnerable”’, so this is an ordering, right? (a) is most vulnerable?
correct, my assumption is that (a) is most vulnerable.
I’m wondering how this vulnerability order applies to IRR route objects as well.
I also looked at IRR coverage [1] but I only considered RIPE's IRR because most prefixes I analyzed were from the RIPE region and RIPE has the best data quality/authorization checks.

[1] Figure 6: https://medium.com/@nusenu/how-vulnerable-is-the-tor-network-to-bgp-hijackin...

kind regards,
nusenu

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
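The a/b/c categorization discussed in this message, sketched as an added example that is not part of the original thread or nusenu's own tooling. It assumes RFC 6811-style origin validation and reads "minimal ROA" as: every prefix the ROA authorizes is actually announced by its origin AS; the prefixes, ASNs and labels other than a/b/c are constructed.

```python
import ipaddress

# Constructed sample data: special-purpose address space and private-use ASNs.
ANNOUNCED = [("198.18.0.0/16", 64500), ("198.19.0.0/16", 64501),
             ("100.64.0.0/10", 64502), ("192.0.2.0/24", 64503)]
ROAS = [("198.18.0.0/16", 24, 64500),   # (prefix, maxLength, origin ASN)
        ("198.19.0.0/16", 16, 64501)]

def _nets(rows):
    # Parse the prefix string in column 0, keep the remaining columns.
    return [(ipaddress.ip_network(r[0]),) + tuple(r[1:]) for r in rows]

def _within(inner, outer):
    return inner.version == outer.version and inner.subnet_of(outer)

def is_minimal(roa, announced):
    """True if every prefix the ROA authorizes is announced by its origin AS."""
    net, maxlen, asn = roa
    authorized = 2 ** (maxlen - net.prefixlen + 1) - 1  # prefixes of length plen..maxlen
    seen = {p for p, a in announced
            if a == asn and _within(p, net) and p.prefixlen <= maxlen}
    return len(seen) == authorized

def classify(ip, announced=ANNOUNCED, roas=ROAS):
    """Return 'a', 'b' or 'c' as in the message, else a descriptive label."""
    addr = ipaddress.ip_address(ip)
    announced, roas = _nets(announced), _nets(roas)
    routes = [(p, a) for p, a in announced if addr in p]
    if not routes:
        return "unrouted"
    prefix, origin = max(routes, key=lambda r: r[0].prefixlen)  # longest match
    covering = [r for r in roas if _within(prefix, r[0])]
    if not covering:  # RPKI state NotFound
        limit = 24 if prefix.version == 4 else 48
        return "a" if prefix.prefixlen < limit else "notfound"
    matching = [r for r in covering if r[2] == origin and prefix.prefixlen <= r[1]]
    if not matching:  # covered by a ROA, but origin or length does not match
        return "invalid"
    # Assumption: a route is "weak" (b) if any ROA validating it is loose.
    return "c" if all(is_minimal(r, announced) for r in matching) else "b"

if __name__ == "__main__":
    for ip in ("100.64.1.1", "198.18.5.1", "198.19.0.1", "192.0.2.1"):
        print(ip, classify(ip))
```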