[149403] in North American Network Operators' Group
Re: Thanks & Let's Prevent this in the Future.
daemon@ATHENA.MIT.EDU (Arturo Servin)
Fri Feb 3 07:17:46 2012
From: Arturo Servin <aservin@lacnic.net>
In-Reply-To: <CANEysbEnLj4ck7EZsL14KS9KHvOH_+z8K3TexB81HdTmiyng0w@mail.gmail.com>
Date: Fri, 3 Feb 2012 10:16:01 -0200
To: Kelvin Williams <kwilliams@altuscgi.com>
X-LACNIC.uy-MailScanner-From: aservin@lacnic.net
Cc: nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
One option is to use RPKI and origin validation. But it won't =
help much unless prefix holders create their certificates and ROAs and =
networks operators use those to validate origins. It won't solve all the =
issues but at least some fat fingers/un-expierience errors.
We are running an experiment to detect route-hijacks/missconf =
using RPKI. So far, not many routes are "signed" but at least we can =
periodically check our own prefix (or any other with ROAs) to detect =
some inconsistencies:
=
http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/pfx/200.7.84.0=
/
http://www.labs.lacnic.net/rpkitools/looking_glass/
Regards,
-as
=09
On 1 Feb 2012, at 06:58, Kelvin Williams wrote:
> First off, I'd like to thank everyone on this list who have reached =
out
> today and offered us help with our hijacked network space. It's so
> refreshing to see that there are still so many who refuse to leave a
> man/woman down.
>=20
> I'm not going to place any blame, its useless. There were lies, there =
were
> incompetencies, and there was negligence but that is now water under =
the
> bridge.
>=20
> However, I think that we as network operators have a duty to each =
other to
> make sure we don't allow a downstream customer wreck the operations of
> another entity who has been rightfully allocated resources.
>=20
> A few months ago, when establishing a new peering relationship I was
> encouraged (actually required) to utilize one of the IRRs. I took the =
time
> to register all of my routes, ASNs, etc. However, as I learned today, =
this
> was probably done in vain. Too many people won't spend the extra
> 30-seconds to verify the information listed there or in ARINs WHOIS.
>=20
> I don't care what a customer tells me, too many times I've found they
> aren't 100% honest either for malicious/fraudulent reasons or they are
> unknowing. So, for our networks or the networks we manage, we want to
> verify what a customer is saying to prevent what happened to us today.
>=20
> I'd like to get a conversation going and possibly some support of an
> initiative to spend that extra 30-seconds to verify ownership and
> authorization of network space to be advertised. Additionally, if =
someone
> rings your NOC's line an industry-standard process of verifying =
"ownership"
> and immediately responding by filtering out announcements. There's no =
sense
> in allowing a service provider to be impaired because a spammer =
doesn't
> want to give up clean IP space. Do you protect a bad customer or the
> Internet as a whole? I pick the Internet as a whole.
>=20
> How can we prevent anyone else from ever enduring this again? While =
we may
> never stop it from ever happening, spammers (that's what we got hit by
> today) are a dime a dozen and will do everything possible to hit an =
Inbox,
> so how can we establish a protocol to immediate mitigate the effects =
of an
> traffic-stopping advertisement?
>=20
> I thought registering with IRRs and up-to-date information in ARINs =
WHOIS
> was sufficient, apparently I was wrong. Not everyone respects them, =
but
> then again, they aren't very well managed (I've got several networks =
with
> antiquated information I've been unable to remove, it doesn't impair =
us
> normally, but its still there).
>=20
> What can we do? Better yet, how do we as a whole respond when we =
encounter
> upstream providers who refuse to look at the facts and allow another =
to
> stay down?
>=20
> kw
>=20
> --=20
> Kelvin Williams
> Sr. Service Delivery Engineer
> Broadband & Carrier Services
> Altus Communications Group, Inc.
>=20
>=20
> "If you only have a hammer, you tend to see every problem as a nail." =
--
> Abraham Maslow
