IPv4 Hijacking For Idiots

Mark Andrews marka at isc.org
Wed Jun 7 01:13:41 UTC 2017


In message <CAL9jLaZNRdE0gL4nVn93vhv1BOBtx0EKgJet8pVXa3Mve1Gy_Q at mail.gmail.com>, Christopher Morrow writes:
>
> On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews <marka at isc.org> wrote:
>
> > Now we could continue discussing how easy it is to hijack addresses
> > or we could spend the time addressing the problem.  All it takes is
> > a couple of transit providers to no longer accept word-of-mouth and
> > the world will transition overnight.
>
> i don't think any transit providers were used in the previous thread worth
> of examples/comms...
> I don't know that IXP folk either:
>   1) want to be the police of this
>   2) should actually be the police of this (what is internet abuse? from
> whose perspective? oh...)
>
> The 'solution' here isn't new though... well, one solution anyway:
>   https://tools.ietf.org/html/rfc6810

You missed the point.  We have the mechanisms to prevent hijacking
today.  We just need to use them and stop using the traditional
mechanisms which cannot be mathematically verified as correct.

Getting to that stage requires several companies to simultaneously
say "we will no longer accept <list> as valid mechanisms to verify
route announcements.  You need to use X or else we won't accept
the announcement".  Yes, this requires guts to do.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


