nanog mailing list archives
RE: Pitfalls of _accepting_ /24s
From: "Terry Baranski" <tbaranski () mail com>
Date: Thu, 16 Oct 2003 20:02:59 -0400
jlewis wrote:
On the topic of announcing PA /24's, what procedures do you take to make sure that a new customer who wants to announce a few PA (P being one or more P's other than yourself) IP space is legit and should be announcing that IP space?
I'm also interested in hearing current practices on this for PA space, PI space, or whatever. With UUNet and Qwest all I've had to do is make a phone call. I don't know whether or not whois was checked before the changes were made. I think this is important because what seem to be the current, fairly-lax policies on this negate some of the benefit of edge anti-spoof filtering. If, for example, it's quick & easy to contact an ISP posing as a customer (or maybe the customer is doing the evil deeds themselves, so no posing is necessary) and get IP block X allowed through the ISP's BGP/anti-spoof filters for that customer, what good have the filters done? If we want ISPs to put forth the effort to deploy filters on all their edge links, it seems silly for it to be so easy for one to socially engineer their spoofed packets right through them.
Personally, I just check whois, and if it looks legit, I'll listen to those routes and even create their route objects as necessary, since some of our upstreams require that.
If everyone checked whois it would at least put an end to the unencouraging amount of unallocated prefixes one can find in the BGP tables at any given time. But it's also not difficult for someone with bad intentions to find space that is allocated per whois but not advertised by anyone. So it seems like additional verification steps may be needed if we're serious about wanting to put an end to spoofed packets.

-Terry
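The checks discussed in this message, as an added example that is not part of the original post: a whois lookup rejects unallocated space, but space that is allocated and unadvertised still needs verification beyond whois. The whois and BGP data are constructed dictionaries (documentation prefixes, hypothetical holder names and ASNs), and `covering` and `vet_request` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data: documentation prefixes, hypothetical holder names and ASNs.
WHOIS = {                      # allocation -> registered holder (stand-in for whois output)
    "192.0.2.0/24": "Example Customer Inc",
    "198.51.100.0/24": "Other Org LLC",
    "203.0.113.0/24": "Example Customer Inc",
}
BGP_TABLE = {"192.0.2.0/24": 64500}   # prefix currently advertised -> origin AS

def covering(table, prefix):
    """Return the most specific entry in `table` that covers `prefix`, or None."""
    net = ipaddress.ip_network(prefix)
    best = None
    for entry in table:
        cand = ipaddress.ip_network(entry)
        if cand.version == net.version and net.subnet_of(cand):
            if best is None or cand.prefixlen > best.prefixlen:
                best = cand
    return str(best) if best else None

def vet_request(claimed_holder, customer_asn, prefix):
    """Classify a customer's request to have `prefix` allowed through filters."""
    alloc = covering(WHOIS, prefix)
    if alloc is None:
        return ("reject", "not allocated per whois")
    if WHOIS[alloc] != claimed_holder:
        return ("verify", "registered to a different holder: " + WHOIS[alloc])
    route = covering(BGP_TABLE, prefix)
    if route is None:
        # Whois matches, but nobody advertises the space: the case where a
        # whois lookup cannot tell the real holder from someone posing as it.
        return ("verify", "allocated but unadvertised; confirm with the registered contact")
    if BGP_TABLE[route] != customer_asn:
        return ("verify", "already originated by AS%d" % BGP_TABLE[route])
    return ("accept", "whois holder and current origin both match")

if __name__ == "__main__":
    for pfx in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "198.18.0.0/24"):
        print(pfx, vet_request("Example Customer Inc", 64500, pfx))
```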