[194894] in North American Network Operators' Group
Re: IPv4 Hijacking For Idiots
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Tue Jun 6 21:18:17 2017
X-Original-To: nanog@nanog.org
In-Reply-To: <20170607011341.1F1AD7B4653C@rock.dv.isc.org>
From: Christopher Morrow <morrowc.lists@gmail.com>
Date: Tue, 6 Jun 2017 21:16:05 -0400
To: Mark Andrews <marka@isc.org>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Tue, Jun 6, 2017 at 9:13 PM, Mark Andrews <marka@isc.org> wrote:
>
> In message <CAL9jLaZNRdE0gL4nVn93vhv1BOBtx0EKgJet8pVXa3Mve1Gy_Q@mail.
> gmail.com>, Christopher Morrow writes:
> >
> > On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews <marka@isc.org> wrote:
> >
> > > Now we could continue discussing how easy it is to hijack addresses
> > > of we could spend the time addressing the problem. All it takes is
> > > a couple of transit providers to no longer accept word-of-mouth and
> > > the world will transition overnight.
> >
> > i don't think any transit providers were used in the previous thread
> worth
> > of examples/comms...
> > I don't know that IXP folk either:
> > 1) want to be the police of this
> > 2) should actually be the police of this (what is internet abuse? from
> > who's perspective? oh...)
> >
> > The 'solution' here isn't new though... well, one solution anyway:
> > https://tools.ietf.org/html/rfc6810
>
> You missed the point. We have the mechanisms to prevent hijacking
> today. We just need to use them and stop using the traditional
>
apologies for taking your bait.
> mechanisms which cannot be mathematically be verified as correct.
>
>
i agree.
> Getting to that stage requires several companies to simultaneously
> say "we will no longer accept <list> as valid mechanisms to verify
> routes announcements. You need to use X or else we won't accept
> the announcement". Yes, this requires guts to do.
>
>
agreed here as well.
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
>
