Thanks & Let's Prevent this in the Future.

Mark Tinka mtinka at
Mon Feb 6 05:01:20 UTC 2012

On Thursday, February 02, 2012 01:00:43 AM George Bonser 

> One problem is the number of routing registries and the
> requirements differ for them.  The nefarious operator
> can enter routes in an IRR just as easily as a
> legitimate operator.  There was a time when some
> significant networks used the IRRs for their filtration
> policy.  I'm not sure how many still do.

I've dealt with AfriNIC and APNIC WHOIS databases, and they 
normally control the 'inetnum' and inet6num' entries that go 
into the WHOIS databases. So there is some degree of 
certainty that what is in there is generally true.

You're right, anyone can create an IRR record, and it's 
quite terrible how easy it is to create false information 
that could break another person's network. This is why we 
don't generally trust IRR or PeeringDB data when verifying 
downstream prefixes which we should permit through our 
filters. We rely on the RIR 'inetnum' and 'inet6num' records 
for that.

My memory fails me on what ARIN do, but before AfriNIC was 
established and the majority of Africa's prefixes were 
allocated by RIPE and ARIN, I recall the ARIN policy (SWIP 
templates, et al) being a hassle-rich experience that 
anything else is long forgotten :-).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the NANOG mailing list