Re: IPv4 Hijacking For Idiots

[Christopher Morrow <morrowc.lists () gmail com>]

On Tue, Jun 6, 2017 at 9:13 PM, Mark Andrews <marka () isc org> wrote:

> In message <CAL9jLaZNRdE0gL4nVn93vhv1BOBtx0EKgJet8pVXa3Mve1Gy_Q@mail.
> gmail.com>, Christopher Morrow writes:
> > On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews <marka () isc org> wrote:
> >
> > > Now we could continue discussing how easy it is to hijack addresses
> > > of we could spend the time addressing the problem.  All it takes is
> > > a couple of transit providers to no longer accept word-of-mouth and
> > > the world will transition overnight.
> >
> > i don't think any transit providers were used in the previous thread
> worth
> > of examples/comms...
> > I don't know that IXP folk either:
> >   1) want to be the police of this
> >   2) should actually be the police of this (what is internet abuse? from
> > who's perspective? oh...)
> >
> > The 'solution' here isn't new though... well, one solution anyway:
> >   https://tools.ietf.org/html/rfc6810
>
> You missed the point.  We have the mechanisms to prevent hijacking
> today.  We just need to use them and stop using the traditional

apologies for taking your bait.


> mechanisms which cannot be mathematically be verified as correct.
i agree.


> Getting to that stage requires several companies to simultaneously
> say "we will no longer accept <list> as valid mechanisms to verify
> routes announcements.  You need to use X or else we won't accept
> the announcement".  Yes, this requires guts to do.
agreed here as well.


> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka () isc org