IPv4 Hijacking For Idiots

Mark Andrews marka at isc.org
Wed Jun 7 01:13:41 CST 2017


In message <CAL9jLaZNRdE0gL4nVn93vhv1BOBtx0EKgJet8pVXa3Mve1Gy_Q at mail.gmail.com>, Christopher Morrow writes:
>
> On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews <marka at isc.org> wrote:
>
> > Now we could continue discussing how easy it is to hijack addresses
> > of we could spend the time addressing the problem.  All it takes is
> > a couple of transit providers to no longer accept word-of-mouth and
> > the world will transition overnight.
>
> i don't think any transit providers were used in the previous thread worth
> of examples/comms...
> I don't know that IXP folk either:
>   1) want to be the police of this
>   2) should actually be the police of this (what is internet abuse? from
> who's perspective? oh...)
>
> The 'solution' here isn't new though... well, one solution anyway:
>   https://tools.ietf.org/html/rfc6810

You missed the point.  We have the mechanisms to prevent hijacking
today.  We just need to use them and stop using the traditional
mechanisms which cannot be mathematically be verified as correct.

Getting to that stage requires several companies to simultaneously
say "we will no longer accept <list> as valid mechanisms to verify
routes announcements.  You need to use X or else we won't accept
the announcement".  Yes, this requires guts to do.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the NANOG mailing list