questions regarding prefix hijacking

Mark Andrews marka at isc.org
Thu Aug 8 00:20:21 UTC 2013


In message <CANQy6Fb2cv+bdtaz7LVx0G_D0FbxJYqSr=ki5Hfm_9QOum1cnw at mail.gmail.com>
, Paul Ferguson writes:
> On Wed, Aug 7, 2013 at 1:58 AM, Saku Ytti <saku at ytti.fi> wrote:
> 
> > On (2013-08-07 11:20 +0300), Martin T wrote:
> >
> >> on Internet? Has there been such situations in history? Isn't there a
> >> method against such hijacking? Or have I misunderstood something and
> >> this isn't possible?
> >
> > Certainly practical scenario, but in many cases not needed at all. In most
> > cases upstream does not do any automatic prefix filter generation, it's
> > maybe somewhat popular in mid-sized european shops but generally not too
> > common.
> >
> > There is active on-going work to secure BGP and you may want to read up on
> > 'RPKI' which is further along that track.
> >
> 
> I hope it has better adoption than BCP38/BCP84. :-)

SIDR should help with BCP38/BCP84 as it allows correct filters to
be securely built.

Mark

> - ferg
> 
> -- 
> "Fergie", a.k.a. Paul Ferguson
>  fergdawgster(at)gmail.com
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the NANOG mailing list