nanog mailing list archives
Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)
From: Blake Dunlap <ikiris () gmail com>
Date: Wed, 1 Feb 2012 15:35:08 -0600
On Wed, Feb 1, 2012 at 15:21, George Bonser <gbonser () seven com> wrote:
The problem is no one will actually blacklist a big ASN because its not in the individual best interest, which scales greatly with size. RPKI is pretty much the only real fix for this if the chain until the major carrier refuses to delist, and RPKI has it's own issues. -BlakeSadly, you're right. But my guess is that such a blacklisting would have to be done for only a very short period of time and once it is done once or twice, it would never need to be done again. But it probably is too big a hammer. Until there is some sort of registry that is the source of truth and is easy to use (distributed?), we're going to keep repeating this process.
The issue isn't getting the AS blacklisted, the issue is getting people to use the blacklist. Would you trust your router accepting entire ASNs to someone else's list? Would your boss agree to allow others to shut down access to a potentially major entity on the internet for something that doesn't directly impact you? I just don't see it ever happening, and anything short of that is no deterrent for the above. If you can't target the enablers with any kind of stick, then the only other option is RPKI which prevents the actual hijack, but that has it's own issues, due to the same benefits. -Blake
Current thread:
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks), (continued)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Antonio Querubin (Feb 01)
- RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) George Bonser (Feb 01)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) David Conrad (Feb 01)
- RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) George Bonser (Feb 01)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Chris Adams (Feb 01)
- RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Nathan Eisenberg (Feb 01)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Chris Adams (Feb 01)
- RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) George Bonser (Feb 01)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Blake Dunlap (Feb 01)
- RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) George Bonser (Feb 01)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Blake Dunlap (Feb 01)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) David Conrad (Feb 01)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Ray Soucy (Feb 02)
- RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Nathan Eisenberg (Feb 02)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Eric Brunner-Williams (Feb 02)
- RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) George Bonser (Feb 02)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Jimmy Hess (Feb 02)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Jared Mauch (Feb 01)
- RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) George Bonser (Feb 01)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Mark Andrews (Feb 01)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Seth Mattinen (Feb 01)
- Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks) Jimmy Hess (Feb 01)