[164885] in North American Network Operators' Group
Re: questions regarding prefix hijacking
daemon@ATHENA.MIT.EDU (Mark Andrews)
Wed Aug 7 20:21:59 2013
To: Paul Ferguson <fergdawgster@gmail.com>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Wed, 07 Aug 2013 02:03:45 -0700."
<CANQy6Fb2cv+bdtaz7LVx0G_D0FbxJYqSr=ki5Hfm_9QOum1cnw@mail.gmail.com>
Date: Thu, 08 Aug 2013 10:20:21 +1000
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In message <CANQy6Fb2cv+bdtaz7LVx0G_D0FbxJYqSr=ki5Hfm_9QOum1cnw@mail.gmail.com>
, Paul Ferguson writes:
> On Wed, Aug 7, 2013 at 1:58 AM, Saku Ytti <saku@ytti.fi> wrote:
>
> > On (2013-08-07 11:20 +0300), Martin T wrote:
> >
> >> on Internet? Has there been such situations in history? Isn't there a
> >> method against such hijacking? Or have I misunderstood something and
> >> this isn't possible?
> >
> > Certainly practical scenario, but in many cases not needed at all. In most
> > cases upstream does not do any automatic prefix filter generation, it's
> > maybe somewhat popular in mid-sized european shops but generally not too
> > common.
> >
> > There is active on-going work to secure BGP and you may want to read up on
> > 'RPKI' which is further along that track.
> >
>
> I hope it has better adoption than BCP38/BCP84. :-)
SIDR should help with BCP38/BCP84 as it allows correct filters to
be securely built.
Mark
> - ferg
>
> --
> "Fergie", a.k.a. Paul Ferguson
> fergdawgster(at)gmail.com
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
