[149474] in North American Network Operators' Group
Re: Thanks & Let's Prevent this in the Future.
daemon@ATHENA.MIT.EDU (Mark Tinka)
Mon Feb 6 00:02:14 2012
From: Mark Tinka <mtinka@globaltransit.net>
To: nanog@nanog.org
Date: Mon, 6 Feb 2012 13:01:20 +0800
In-Reply-To: <596B74B410EE6B4CA8A30C3AF1A155EA09C9E402@RWC-MBX1.corp.seven.com>
Reply-To: mtinka@globaltransit.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--nextPart1963657.nFkJimJEsD
Content-Type: Text/Plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
On Thursday, February 02, 2012 01:00:43 AM George Bonser=20
wrote:
> One problem is the number of routing registries and the
> requirements differ for them. The nefarious operator
> can enter routes in an IRR just as easily as a
> legitimate operator. There was a time when some
> significant networks used the IRRs for their filtration
> policy. I'm not sure how many still do.
I've dealt with AfriNIC and APNIC WHOIS databases, and they=20
normally control the 'inetnum' and inet6num' entries that go=20
into the WHOIS databases. So there is some degree of=20
certainty that what is in there is generally true.
You're right, anyone can create an IRR record, and it's=20
quite terrible how easy it is to create false information=20
that could break another person's network. This is why we=20
don't generally trust IRR or PeeringDB data when verifying=20
downstream prefixes which we should permit through our=20
filters. We rely on the RIR 'inetnum' and 'inet6num' records=20
for that.
My memory fails me on what ARIN do, but before AfriNIC was=20
established and the majority of Africa's prefixes were=20
allocated by RIPE and ARIN, I recall the ARIN policy (SWIP=20
templates, et al) being a hassle-rich experience that=20
anything else is long forgotten :-).
Mark.
--nextPart1963657.nFkJimJEsD
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQIcBAABAgAGBQJPL16jAAoJEGcZuYTeKm+GBnkQAK6EEMMJ3x8f5gQkrpTTjb22
3IlMVyrWhvZmHfvMrVj/qKH7aizmR05fREmtjAAMueRw94C52OYQ/2Qw6TEQI+a9
zuKS7fw/MuNdPB94IGU20SO9k2DPBE8Sx4LBk7Xx3SRMwCMowaqJfdBDGRLhSXss
HbZ9fU0WZFPdxW0+lflXAVF1PN4v9/6BvIyaOoCo8VmMtrR4Y2PyFCovaykSSD3Y
Cwy9ZyDIuJK81TxpGiWSNMqO7/KIXlqDgSyMK0c9JS2k4oYPWJeUIjYdBfBmrxGY
PJ9IdbFpnr6hOHv6/m+VtDbftFVK7icMR+G6UDcTMdZrzuNDbuC+vRlNExEihiL3
2HhEjbz47A696BHG3+fKTFli0EAqa6PhVKm5MfwDrdHwkzsxxuXY04kg2xmvoBsa
a5OxSfXFQLUMIZkZ3Uq13Lq3gmjeNZH8enqHsAxSLq3jZW8uKpy62ZwlVbrUKoXg
7S5zAJJi+NuipHiNcVFifIM1MfgCaAzeJGhlSJ5KsQxvdFcdH+tqaKwJyrEdijv+
nTsBwe5iMsOUhipcUPuScDAdduT7jr/56KG6obxeZQt6sZvATVZmvEYpK+pOX4J/
YbOev4kWLtuGI214VsRnDhzLx0y/AG3nsJR00MRz/GYH3IAjO+BI5cB/mg/Pkb8I
XEr01YWhm69PJ6KLfT/V
=pUDA
-----END PGP SIGNATURE-----
--nextPart1963657.nFkJimJEsD--
