IPv4 Hijacking For Idiots
marka at isc.org
Wed Jun 7 00:26:40 CST 2017
In message <1496754899.2014592.1000384072.3E55368A at webmail.messagingengine.com>, Scott Christopher writes:
> Hank Nussbacher wrote:
> > 2. Create a domain called acme-corp.com and a user called peering
> Or one could register aÑme.com
> (If the reader can't tell the difference between acme.com and aÑme.com ,
> the reader is using one of the multitude of email clients and/or fonts
> that presents Unicode poorly.)
> > 3. Contact an IX, preferably not one in a Westernized, clueful area:
> > https://en.wikipedia.org/wiki/List_of_Internet_exchange_points
> I don't think the ordinary Westernized IX is immune to this. Any system
> requiring human scrutiny is only as secure as the laziest human employed
> by it. Don't underestimate the "too busy to check this crap"
> attitude and its potential for serious problems.
Route hijacking is theoretically preventable. You have machines
verify the bonifides. This does require that people take the time
to get the bonifides machines can process but we do have the tech
to do this.
Now we could continue discussing how easy it is to hijack addresses
of we could spend the time addressing the problem. All it takes is
a couple of transit providers to no longer accept word-of-mouth and
the world will transition overnight.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG