[6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation

Jeroen Massar jeroen@unfix.org
Mon, 19 May 2003 13:26:03 +0200

Previous message: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation
Next message: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Gert Doering wrote:

<SNIP>

> > This could also be refined. Not all 2001::/16 has been delegated to
> > RIRs. ARIN got a block, RIPE got a block, APNIC got a 
> block, but there
> > still is some undelegated space. The drawback of refining 
> to that level
> > is that it will inevitably induce a situation similar to 
> 69/8 and will
> > require maintenance, but the other side of that coin is 
> that it would
> > prevent people from hijacking prefixes from undelegated space.
> 
> Someone else already commented on this.  As the address space 
> is pretty
> sparsely populated, people still would be able to hijack addresses 
> (like "2001:609::/32", which is adjacent to our /32, but 
> right now just unallocated).

*whisper in ear* not after tonight when the bogon reporting gets active
:)

Things that it does cover already:
 - unallocated prefixes
 - wrong source ASN's

Though ofcourse one could bypass that when using the registered source
ASN.
That could be detected if we knew every 'upstream' for that prefix...

Greets,
 Jeroen

Previous message: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation
Next message: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]