[6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking

Andy Furnell andy@ipng.org.uk
Thu, 15 May 2003 09:25:44 +0100


On Wed, May 14, 2003 at 07:00:18AM -0700, David Kessens wrote:
> 
> 
> Andy,
> 
> On Mon, May 12, 2003 at 07:37:46AM +0100, Andy Furnell wrote:
> > 
> > This is a nice idea, but given that there's no IPv6 routing registry,
> > the administrative overhead of manually generating filters can get
> > seriously cumbersome (especially given that IPv6 efforts for most
> > providers still seem to be done on a part-time basis).
> 
> This is not entirely true. The 6bone registry does contain routing
> information.
> 
> You can build filters using the 'prefix:' and 'origin:' attributes of
> the 6bone registry (note that multiple prefixes are allowed in the
> 'prefix:' attribute).
> 
> However, just as with the IPv4 routing registry, this might not be a
> good idea to do with peers because of the absence of a netpolice
> department that enforces (correct) registrations in the registry (you
> should be able to enforce consistent data for your customers though).
> 
> David K.

Not just this, but any information in these objects is instantly
devalued as I can see no hierarchical authentication system in place
(i.e. there's nothing to stop me putting whatever the hell I want in my
ipv6site object... if my peers/upstreams are building their filters
automagically from this information I've just gained the ability to
hijack whatever space I want :)

Interesting note about the RPSLng from Gert... Hopefully if the RIRs 
are able to adopt this quickly, enough pressure can be placed on ISPs 
to make sure their objects are kept up to date from the very beginning.

Andy

-- 
Andy Furnell
andy@ipng.org.uk
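
An added illustration of the concern raised in this message, not code from the thread or from the 6bone registry: a filter builder that reads 'prefix:' and 'origin:' from registry objects but accepts a prefix only when it falls inside a block delegated to that origin. The object layout, the `ipv6-site:` key and the `DELEGATIONS` table are assumptions, and all sample data is constructed.

```python
import ipaddress

# Constructed sample objects (documentation prefix and documentation ASNs).
# 'prefix:' and 'origin:' come from the thread; the 'ipv6-site:' key and the
# exact layout are assumptions.
SAMPLE_OBJECTS = """\
ipv6-site: EXAMPLE-A
origin: AS64500
prefix: 2001:db8:a000::/36 2001:db8:a800::/40

ipv6-site: EXAMPLE-B
origin: AS64501
prefix: 2001:db8:b000::/36
prefix: 2001:db8:a100::/40
"""

# Hypothetical delegation table standing in for the missing hierarchical
# authentication: parent block -> the only origin AS allowed to register in it.
DELEGATIONS = {
    ipaddress.ip_network("2001:db8:a000::/36"): "AS64500",
    ipaddress.ip_network("2001:db8:b000::/36"): "AS64501",
}

def parse_objects(text):
    """Return [(origin, [prefix, ...])], one entry per blank-line-separated object."""
    objects = []
    for block in text.strip().split("\n\n"):
        origin, prefixes = None, []
        for line in block.splitlines():
            key, _, value = line.partition(":")  # split at the first ':' only
            if key.strip() == "origin":
                origin = value.strip().upper()
            elif key.strip() == "prefix":
                # several prefixes may share one attribute line
                prefixes += [ipaddress.ip_network(p) for p in value.split()]
        objects.append((origin, prefixes))
    return objects

def build_filter(objects, delegations):
    """Split registered (prefix, origin) pairs into accepted and rejected."""
    accepted, rejected = [], []
    for origin, prefixes in objects:
        for prefix in prefixes:
            ok = any(prefix.subnet_of(parent) and holder == origin
                     for parent, holder in delegations.items())
            (accepted if ok else rejected).append((prefix, origin))
    return accepted, rejected
```

A filter generated from the registry text alone would accept all four registrations; with the delegation check, EXAMPLE-B's claim on space inside AS64500's block lands in the rejected list.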