[102753] in North American Network Operators' Group
Re: YouTube IP Hijacking
daemon@ATHENA.MIT.EDU (Simon Leinen)
Tue Feb 26 06:07:34 2008
From: Simon Leinen <simon.leinen@switch.ch>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: "Paul Wall" <pauldotwall@gmail.com>, nanog@merit.edu,
"Darrell Tanno" <dtanno@pccwglobal.com>
In-Reply-To: <2963F824-DAA3-4310-8136-3C76F28B3296@muada.com> (Iljitsch van
Beijnum's message of "Mon, 25 Feb 2008 10:27:47 +0100")
Date: Tue, 26 Feb 2008 11:36:09 +0100
Errors-To: owner-nanog@merit.edu
Iljitsch van Beijnum writes:
> Well, if they had problems like this in the past, then I wouldn't
> trust them to get it right. Which means that it's probably a good
> idea if EVERYONE starts filtering what they allow in their tables
> from PCCW. Obviously that makes it very hard for PCCW to start
> announcing new prefixes, but I can't muster up much sympathy for
> that.
> So basically, rather than generate routing registry filters for the
> entire world, generate routing registry filters for known careless
> ASes. This number should be small enough that this is somewhat
> doable. [...]
Maybe, but how much would that help?
So you suggest that we only need to filter against AS7007, AS9121, and
AS17557. Personally, those are among the ones I least worry about -
maybe I'm naive, but I'd hope they or their upstreams have learned
their lessons.
The problem is that nobody knows which of the other 25000+ ASes will
be the next AS7007. So I guess we have to modify your suggestion
somewhat and, in addition to filtering the "known-careless" also
filter the "unknown-maybe-careful" class. Oops, that leaves only the
"known-careful" class, which includes... my own AS, and then whom?
--
Simon.
