[anti-abuse-wg] [routing-wg] AS43890
- Previous message (by thread): [anti-abuse-wg] [routing-wg] AS43890
- Next message (by thread): [anti-abuse-wg] [routing-wg] AS43890
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at instituut.net
Mon Nov 17 10:53:09 CET 2014
On Mon, Nov 17, 2014 at 09:46:33AM +0100, Gert Doering wrote: > > Also, RIPE-resident hijackers can just as easily place validating > > route objects for these hijacked RIPE-issued IP blocks into the RIPE > > DB as they can for any other hijacked blocks taken from any other > > region(s). > > No... the RIPE DB prevents route: objects for RIPE (NCC-issued) networks > by checking the maintainer authentication for inetnum: and aut-num: - so > unless the address holder is careless ("pick a 5 character easily guessable > password" or "reference a well-known maintainer") it is much harder to do, > if not impossible. > > Now, I hear what you're saying and I look at 188.229.1.0/24 and wonder > what has happened, and why "whois --list-versions" isn't showing me the > update/creation history for the /24 route... You need to query as following to retrieve the history of route objects: $ whois -h whois.ripe.net -- '--list-versions 188.229.1.0/24AS43890' > Now, looking at the route: > > route: 188.229.1.0/24 > descr: Netserv-Client > origin: AS43890 > mnt-by: NETSERV-MNT > changed: ripe at netserv.ro.REMOVE 20130820 > source: RIPE > > ... it claims to have been created in the time between (changed: is not > authoritative, but in this case looks plausible). The history lists: "1 2014-05-12 18:23 ADD/UPD" Kind regards, Job
- Previous message (by thread): [anti-abuse-wg] [routing-wg] AS43890
- Next message (by thread): [anti-abuse-wg] [routing-wg] AS43890
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]