[6bone] Re: FYI: Notification of 6BONE Database changes (fwd)

Jeroen Massar jeroen@unfix.org
Sun, 29 Jun 2003 17:52:11 +0200


Bill Manning wrote:

>  the hijackers are now active w/ IPv6.  it must be viable :)

That the 6bone registry doesn't have any mnt-lower mechanism
is the biggest problem. The second problem is that most person
objects don't have a maintainer field, thus can be played around
at will. One could attempt to clean the database from 'odd'
entries, but because of the simple point that there is no
mnt-lower one can't protect against this and it will be dirt
all over again in a few moments time. Registering multiple
person objects and not throwing out the bad ones is also one
thing that can be seen quite easily in the 6bone db.

If one really wants to 'hijack' some space, just announce it
in BGP, nearly all 'transits' (if you can call them that) will
happily announce anything you push into them.

This is not hijacking, it's just simple mere usage.
If it was RIPE/APNIC/ARIN db's that were toyed with
then it would have been hijacking... but they fortunately
have mnt-lowers ;) But apparently the 6bone db doesn't
check for maintainer attributes, so that would be futile
then. We have to be glad that the notify attribute works.

<SNIP>

> % - From-Host:       jazz.viagenie.qc.ca(206.123.31.2)
> % - Date:            20030628
> % - Time:            09:48:02

Shouldn't From-Host include the original source address?
As this probably just is the Viagenie web interface but
which host really triggered this registration?
Also why doesn't jazz communicate in IPv6 ? :)
Maybe the web interface could quite easily prevent the
hijacking behaviour by checking for existing objects?
And of course check the maintainer attribute.

Greets,
 Jeroen
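
Added example, not part of the original message and not the 6bone registry's code: a simplified Python model of the submission check the message asks for (refuse to overwrite an existing object unless the submitter is its mnt-by, and require the covering inet6num's mnt-lower before creating a more specific one). The object contents, maintainer names and the `authorise` helper are constructed for illustration; objects are keyed on their first attribute, and the fallback from mnt-lower to mnt-by is an assumption of this sketch.

```python
import ipaddress

def parse_rpsl(text):
    """Parse one RPSL-style object into ordered (attribute, value) pairs."""
    pairs = []
    for line in text.strip().splitlines():
        if line.startswith("%") or ":" not in line:
            continue  # skip comments and malformed lines
        key, _, value = line.partition(":")  # split on the first colon only
        pairs.append((key.strip().lower(), value.strip()))
    return pairs

def values(obj, key):
    return {v for k, v in obj if k == key}

def authorise(db, obj, authed):
    """db: list of parsed objects; authed: maintainers the submitter proved.
    Returns (allowed, reason)."""
    cls, pkey = obj[0]
    for old in db:
        if old[0] == (cls, pkey):
            # Existing object: only its mnt-by may change it. An object with
            # no mnt-by is frozen here instead of being open to everyone.
            if values(old, "mnt-by") & authed:
                return True, "update authorised by mnt-by"
            return False, "object exists; submitter is not its maintainer"
    if cls != "inet6num":
        return True, "new object"
    net = ipaddress.ip_network(pkey)
    parents = [o for o in db if o[0][0] == "inet6num"
               and net.subnet_of(ipaddress.ip_network(o[0][1]))]
    if not parents:
        return False, "no covering allocation"
    # The most specific covering object decides who may create below it.
    parent = max(parents, key=lambda o: ipaddress.ip_network(o[0][1]).prefixlen)
    need = values(parent, "mnt-lower") or values(parent, "mnt-by")
    if need & authed:
        return True, "creation authorised by parent mnt-lower"
    return False, "parent maintainer authorisation required"

# Constructed sample data (documentation prefix, made-up maintainers).
DB = [parse_rpsl(t) for t in (
    "inet6num: 2001:db8::/32\nnetname: EXAMPLE-PTLA\n"
    "mnt-by: MNT-EXAMPLE\nmnt-lower: MNT-EXAMPLE",
    "person: Alice Example\nnic-hdl: AE1-EXAMPLE\nmnt-by: MNT-ALICE",
    "person: Bob Example\nnic-hdl: BE1-EXAMPLE",  # no mnt-by
)]
```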