Thanks & Let's Prevent this in the Future.
Mark Tinka
mtinka at globaltransit.net
Mon Feb 6 05:01:20 UTC 2012
On Thursday, February 02, 2012 01:00:43 AM George Bonser
wrote:
> One problem is the number of routing registries and the
> requirements differ for them. The nefarious operator
> can enter routes in an IRR just as easily as a
> legitimate operator. There was a time when some
> significant networks used the IRRs for their filtration
> policy. I'm not sure how many still do.
I've dealt with AfriNIC and APNIC WHOIS databases, and they
normally control the 'inetnum' and inet6num' entries that go
into the WHOIS databases. So there is some degree of
certainty that what is in there is generally true.
You're right, anyone can create an IRR record, and it's
quite terrible how easy it is to create false information
that could break another person's network. This is why we
don't generally trust IRR or PeeringDB data when verifying
downstream prefixes which we should permit through our
filters. We rely on the RIR 'inetnum' and 'inet6num' records
for that.
My memory fails me on what ARIN do, but before AfriNIC was
established and the majority of Africa's prefixes were
allocated by RIPE and ARIN, I recall the ARIN policy (SWIP
templates, et al) being a hassle-rich experience that
anything else is long forgotten :-).
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20120206/c1be930d/attachment.sig>
More information about the NANOG
mailing list