[149313] in North American Network Operators' Group


Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Wed Feb 1 12:56:13 2012

In-Reply-To: <20120201101219.3A9D7800037@ip-64-139-1-69.sjc.megapath.net>
Date: Wed, 1 Feb 2012 12:55:30 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Hal Murray <hmurray@megapathdsl.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, Feb 1, 2012 at 5:12 AM, Hal Murray <hmurray@megapathdsl.net> wrote:
> I'm not a lawyer nor an operator.
>
>> Imagine that instead of www.google.com, it was www.whitehouse.gov
>
>> At some point, I suspect that this gets service to get it fixed RIGHT NOW.
>> At some point, the guys informing you it's RIGHT NOW show up with badges.
>
> Where is Milo Medin when we need him?

how would he be helping?

>> The question is, when is it badges? It can be construed as a denial of
>> service attack on the addresses' rightful owners. They will respond to any
>> major government site being hijacked. Probably to Apple or Google. Likely
>> to a Tier-1 ISPs internal infrastructure.
>
> How long should it take to fix a problem like this?

the YT/pk-telecom incident lasted: 2hr 15mins according to renesys
(http://www.renesys.com/blog/2008/02/pakistan-hijacks-youtube-1.shtml)

I think for a few reasons this ONLY lasted 2hrs... one at least being
pktelecom getting some pain from this hijack, plus they PROBABLY
didn't mean to do what they did. (Oops, we fat-fingered, let's fix
that...)

Why did this take even 2hrs? why is the current incident lasting
(lasted?) as long as it has? what system(s) would make this problem
better? Danny refers to 'resource certification', I think he's
pointing at RPKI[1], how far out is this? (seems like ~5+ yrs or so
til useful deployment arrives, not even counting router-code for this
appearing in the main set of deployed devices).

-chris
[1]: <http://www.afrinic.net/membership/certification.htm>  (other
RIR's are also represented, this was just the first relevant answer in
bing)

(all discussion of laws is ridiculous... which jurisdiction, which
law, which .... forget about any reasonable answer here)

