Need for historical prefix blacklist (`rogue' prefixes) information

Amir Herzberg amir.lists at gmail.com
Sat Oct 30 13:55:57 UTC 2021


I am very grateful for the help I received from several people (mostly off
list, which is great to avoid spamming the list).

In particular, Giotsas, Vasileios <v.giotsas at lancaster.ac.uk>, introduced
by Joe Provo, provided a wonderful RIPE resource which provides a convenient
API to data from (at least) UCEprotect and SpamHaus, perfectly meeting our
current needs: https://stat.ripe.net/docs/data_api#blocklist.

Let me also use this email to briefly comment on two points from Matthew
Walster's posts; and Matthew, I really come in peace, I have a lot of
respect for you and your work, but we can also disagree on some things,
right? So:

1. Matthew's email basically seemed to imply intentional hijacks are not a
concern (rare/non-existent?). A few measurement works seem to show the
contrary; I esp. recommend the `Profiling BGP serial hijackers' paper from
IMC'19 by a team of excellent researchers.

2. A bit off-topic, Matthew's response to Dora Crisan seems to imply BGP
eavesdropping for eventual cryptanalysis, possibly using Quantum computing,
isn't a concern. On the one hand, I agree that Quantum computing seems
still quite far from the ability to break state-of-the-art PKC, and it may be long
till it becomes practical (if ever). OTOH, it may also not take that long;
also, `conventional' cryptanalysis may still happen, e.g., see
Schnorr's recent paper, ia.cr/2021/232, which claimed to `destroy' RSA
[withdrawn later, so apparently even Schnorr can err - that's part of
science - but this doesn't mean next effort won't succeed or that some
TLA (three lettered adversaries) didn't succeed already]. TLAs may have
other motivations for eavesdropping, like collecting meta-data. Now, I am
sure many customers and providers may not care about security against such
TLAs, but I think it is legitimate for some people to be concerned.

Best, Amir
-- 
Amir Herzberg

Comcast professor of Security Innovations, Computer Science and
Engineering, University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography' textbook and lectures:
 https://sites.google.com/site/amirherzberg/applied-crypto-textbook




On Thu, Oct 28, 2021 at 7:48 PM Amir Herzberg <amir.lists at gmail.com> wrote:

> Hi NANOGers, for our research on ROV (and ROV++, our extension, NDSS'21),
> we need access to historical data of blacklisted prefixes (due to spam,
> DDoS, other), as well as suspect-hijacks list (beyond BGPstream which we
> already have).
>
> Basically we want to measure the overlap (and non-overlap) btw such
> `suspect' prefixes and ROV-Invalid prefixes.
>
> Any help would be appreciated. I'm not sure the list would be interested
> so I recommend you respond to me privately; if there are useful responses,
> I could post a summary to the list after a few days (of collecting responses,
> if any).
>
> thanks and regards... Amir
> --
> Amir Herzberg
>
> Comcast professor of Security Innovations, Computer Science and
> Engineering, University of Connecticut
> Homepage: https://sites.google.com/site/amirherzberg/home
> `Applied Introduction to Cryptography' textbook and lectures:
>  https://sites.google.com/site/amirherzberg/applied-crypto-textbook
>
>
>
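
Added example, not part of the original post or the authors' research code: the overlap measurement described in the quoted request, sketched as RFC 6811 route origin validation cross-tabulated against blocklist membership. The ROAs, announcements and blocklist entries are constructed (documentation and shared address space, private-use ASNs), and all function names are illustrative.

```python
import ipaddress
from collections import Counter

# Constructed sample data: documentation/shared address space, private-use ASNs.
ROAS = [("192.0.2.0/24", 24, 64500),          # (prefix, maxLength, origin AS)
        ("198.51.100.0/24", 24, 64502),
        ("203.0.113.0/24", 24, 64503)]
ANNOUNCEMENTS = [("192.0.2.0/24", 64501),     # wrong origin AS
                 ("198.51.100.0/24", 64502),  # matches its ROA
                 ("203.0.113.128/25", 64503), # longer than maxLength
                 ("100.64.0.0/24", 64504)]    # no covering ROA
BLOCKLIST = ["192.0.2.0/24", "198.51.100.7/32", "100.64.0.0/25"]


def rov_state(prefix, origin, roas):
    """RFC 6811 validation state of one (prefix, origin AS) announcement."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version != net.version or not net.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        # AS 0 in a ROA never matches any origin.
        if asn == origin and asn != 0 and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"


def is_listed(prefix, blocklist):
    """True if the announced prefix overlaps any blocklisted address or prefix."""
    net = ipaddress.ip_network(prefix)
    return any(net.version == b.version and net.overlaps(b)
               for b in map(ipaddress.ip_network, blocklist))


def overlap_table(announcements, roas, blocklist):
    """Count announcements per (ROV state, blocklisted?) cell."""
    table = Counter()
    for prefix, origin in announcements:
        table[(rov_state(prefix, origin, roas), is_listed(prefix, blocklist))] += 1
    return table


if __name__ == "__main__":
    for (state, listed), n in sorted(overlap_table(ANNOUNCEMENTS, ROAS, BLOCKLIST).items()):
        print(f"{state:9} listed={listed!s:5} count={n}")
```

The (invalid, listed) cell is the overlap; the (invalid, not listed) and (valid or not-found, listed) cells are the non-overlap in each direction.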