<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello Amir,<br>
</p>
<div class="moz-cite-prefix">On 5/18/19 1:08 PM, Amir Herzberg
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAHBw0M8rFd4KQ8fhtQhLQskONO7E64p=gqocVnXAQn1-pF6DLQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>This discussion is very interesting, I didn't know about
this problem, it has implications to our work on routing
security, thanks!</div>
</div>
</blockquote>
<p>Your welcome..., since long time ago I wanted to expose our
findings in English.<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CAHBw0M8rFd4KQ8fhtQhLQskONO7E64p=gqocVnXAQn1-pF6DLQ@mail.gmail.com">
<div dir="ltr">
<div dir="ltr"><br>
</div>
<div dir="ltr">On Sat, May 18, 2019 at 11:37 AM Alejandro Acosta
<<a href="mailto:alejandroacostaalamo@gmail.com"
target="_blank" moz-do-not-send="true">alejandroacostaalamo@gmail.com</a>>
wrote:<br>
</div>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex"><br>
If you learn, let's say, up to /22 (v4), and someone
hijacks one /21 <br>
you will learn the legitimate prefix and the hijacked
prefix. Now, the <br>
owner of the legitimate prefix wants to defends their routes
announcing <br>
/23 or /24, of course those prefixes won't be learnt if they
are filtered.<br>
</blockquote>
<div><br>
</div>
<div>I wonder if this really is a consideration to avoid
filtering small prefixes (e.g. /24):</div>
</div>
</div>
</blockquote>
<p><br>
</p>
<p>My position is exactly the opposite.<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CAHBw0M8rFd4KQ8fhtQhLQskONO7E64p=gqocVnXAQn1-pF6DLQ@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div><br>
</div>
<div>- attackers are quite likely to do sub-prefix hijacks
(or say a specific /24), so I'm not sure this `hits'
defenders more than it `hits' attackers</div>
</div>
</div>
</blockquote>
<p><br>
</p>
<p>Yes, you are right, but anyhow -IMHO- this still better than not
learning small prefixes at all.<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CAHBw0M8rFd4KQ8fhtQhLQskONO7E64p=gqocVnXAQn1-pF6DLQ@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div>- I think we're talking only/mostly about small providers
here, right? as larger providers probably will not have such
problems of tables exceeding router resources.I expect such
small providers normally connect thru several tier-2 or so
providers... if these upper-tier providers get hijacked, the
fact you've prevented this at the stub/multihome ISP may not
help much - we showed how this happens with ROV in our NDSS
paper on it:</div>
<div><a
href="https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/are-we-there-yet-rpkis-deployment-and-security/"
target="_blank" moz-do-not-send="true">https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/are-we-there-yet-rpkis-deployment-and-security/</a> </div>
<div><br>
</div>
</div>
</div>
</blockquote>
<p>You are right here. <br>
</p>
<p>Thanks for the link, I will take a look. <br>
</p>
<p><br>
</p>
<p>Alejandro,<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CAHBw0M8rFd4KQ8fhtQhLQskONO7E64p=gqocVnXAQn1-pF6DLQ@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div> <br>
</div>
<div> </div>
<div style="font-size:12.8px">Amir Herzberg<br>
</div>
<div style="font-size:12.8px">Comcast professor for security
innovation</div>
<div style="font-size:12.8px">Dept. of Computer Science and
Engineering, University of Connecticut</div>
<div style="font-size:12.8px"><br>
<div>
<div dir="ltr" style="font-size:small">
<div style="font-size:12.8px">Foundations of
Cybersecurity: <a
href="https://www.researchgate.net/project/Lecture-notes-on-Introduction-to-Cyber-Security"
target="_blank" moz-do-not-send="true">https://www.researchgate.net/project/Lecture-notes-on-Introduction-to-Cyber-Security</a><br>
</div>
<br>
</div>
</div>
</div>
<div><span style="font-size:12.8px">Homepage: </span><a
href="https://sites.google.com/site/amirherzberg/home"
style="font-size:12.8px" target="_blank"
moz-do-not-send="true">https://sites.google.com/site/amirherzberg/home</a> </div>
</div>
</div>
</blockquote>
</body>
</html>