[110688] in North American Network Operators' Group
Re: Anyone notice strange announcements for 174.128.31.0/24
daemon@ATHENA.MIT.EDU (Sandy Murphy)
Tue Jan 13 15:49:28 2009
To: nanog@nanog.org, patrick@ianai.net
In-Reply-To: <CDADB6A9-274E-4FAE-BEAD-31222F87D6DD@ianai.net>
Date: Tue, 13 Jan 2009 15:41:46 -0500 (EST)
From: sandy@tislabs.com (Sandy Murphy)
Cc: sandy@tislabs.com
Errors-To: nanog-bounces@nanog.org
>> It should be pointed out that pre-provisioned AS_Path filters and
>> prefix-lists would actually be effective at defeating this and
>> preventing someone who is actually malicious from using this
>> technique. This is an excellent argument for implementing SIDR...
>
>Finally we agree. Although I am not certain SIDR is the optimal
>answer, we agree it would solve the problem.

The sidr wg is working on protection of the origination of the
route - so the origin AS in the AS_PATH is known to be authorized
to originate routes to the prefix.

That's not full AS_PATH protection. sidr is not doing full AS_PATH protection.
Yet.

Protecting the origination is not sufficient, everyone recognizes that.
But protecting the origination is necessary for eventual full AS_PATH
protection, so we're not wasting our time, either.

Feel free to chime in on the sidr list about wanting full path protection.
As loud as you like.

--Sandy
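
The distinction drawn in the message above, between protecting the origination and protecting the full AS_PATH, shown as an added example; this is not part of the original message and not code from the sidr wg. The authorization table layout, the three result labels, and all prefixes and AS numbers (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed authorization table (documentation prefixes and ASNs):
# (authorized prefix, longest prefix length allowed, authorized origin AS)
AUTHORIZATIONS = [
    ("192.0.2.0/24", 24, 64496),
    ("2001:db8::/32", 48, 64496),
]

def origin_as(as_path):
    """The origin is the rightmost AS in the AS_PATH."""
    return as_path[-1]

def validate_origin(prefix, as_path, table=AUTHORIZATIONS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for auth_prefix, max_len, asn in table:
        auth = ipaddress.ip_network(auth_prefix)
        if net.version != auth.version or not net.subnet_of(auth):
            continue
        covered = True  # some authorization covers this prefix
        if net.prefixlen <= max_len and origin_as(as_path) == asn:
            return "valid"
    return "invalid" if covered else "not-found"

# Constructed announcements: (label, prefix, AS_PATH as received, nearest AS first)
SAMPLES = [
    ("authorized origin", "192.0.2.0/24", [64497, 64496]),
    ("wrong origin", "192.0.2.0/24", [64497, 64511]),
    ("too specific", "192.0.2.0/25", [64497, 64496]),
    ("no authorization on file", "198.51.100.0/24", [64497, 64498]),
    # The middle hop is not checked at all; only the rightmost AS is.
    ("altered path, authorized origin", "192.0.2.0/24", [64497, 64511, 64496]),
]

def run(samples=SAMPLES):
    """Map each sample label to its origin-validation result."""
    return {label: validate_origin(prefix, path) for label, prefix, path in samples}

if __name__ == "__main__":
    for label, state in run().items():
        print(f"{state:10} {label}")
```

The last sample is the gap the message describes: the origin check passes because nothing in it examines the ASes between the receiver and the origin.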