Re: Suggestion for unallocated IP-Space
- Date: Wed, 13 Mar 2002 18:49:20 +0100 (CET)
On Wed, 13 Mar 2002, Philip Smith wrote:
> Kurt, check out http://www.apnic.net/meetings/13/sigs/routing/index.html -
> Geoff Huston proposed a mechanism for exactly what you are asking... Action
> item on me (as Routing SIG chair) to talk to APNIC/ARIN/RIPENCC...
> Shouldn't be hard to set up a simple system which people can get an
> eBGP-multihop feed listing the unused addresses.
There are two problems from my personal PoV:
a) administrative overhead of multiple eBGP feeds. (I mention
this for completeness.)
b) Loss of the service in the midst of a DoS attack.
With (b), if you are depending on the service to protect yourself from
spoofed IP attacks apparently originating from unused space, then an
attack focused on the distribution channel (i.e., router at each end, or
transit in-between) may open you up to the attack you are supposedly
protecting yourself against.
The distribution channel attack may also take the form of impersonating
the RIR end of the eBGP feed, as could happen with any unsecured (e)BGP
connection (the information is only as good as the method used to get it).
Randy's point about liability is well taken. Any such service would be
intended for use as informational only. What you do with such information
is your problem, and not that of the Registry.
From a technical perspective, providing the same information in RBL-style
DNS zones is also doable in addition to/instead of eBGP. Retrieving the
information in the first place is simple, deciding how to distribute it is
another matter ;)
Regards,
--
Bruce Campbell RIPE
Systems/Network Engineer NCC
www.ripe.net - PGP562C8B1B Operations
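
An added example, not part of the original message and not any registry's actual service: the consumer side of the RBL-style DNS distribution mentioned above, written so that losing the service (problem b) is reported as "cached" or "unavailable" rather than silently read as "not listed". The zone name `unallocated.example.net`, the injected `resolve` callable and the sample zone data are assumptions constructed for illustration.

```python
import ipaddress

ZONE = "unallocated.example.net"   # hypothetical zone name (assumption)
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # RBL convention: a listed entry answers with a 127/8 A record


class ResolverDown(Exception):
    """Raised by the resolver when the DNS service cannot be reached."""


def rbl_query_name(addr, zone=ZONE):
    """Reverse the IPv4 octets and append the zone, as RBL-style lists do."""
    ip = ipaddress.IPv4Address(addr)          # rejects malformed input
    return ".".join(reversed(str(ip).split("."))) + "." + zone


class UnallocatedChecker:
    def __init__(self, resolve, zone=ZONE):
        # resolve(name) -> list of A-record strings ([] for NXDOMAIN),
        # or raises ResolverDown. Injected so the example runs offline.
        self.resolve = resolve
        self.zone = zone
        self.cache = {}                        # last answer seen per query name

    def check(self, addr):
        """Return (listed, source); listed is True, False, or None (unknown)."""
        name = rbl_query_name(addr, self.zone)
        try:
            answers = self.resolve(name)
        except ResolverDown:
            # Service lost: fall back to the last known answer, never to "not listed".
            if name in self.cache:
                return self.cache[name], "cached"
            return None, "unavailable"
        # Ignore answers outside 127/8; they are not valid list entries.
        listed = any(ipaddress.ip_address(a) in LISTED_NET for a in answers)
        self.cache[name] = listed
        return listed, "live"


def make_resolver(zone_data, state):
    """Constructed stand-in for DNS: a dict lookup with a switchable outage."""
    def resolve(name):
        if state["down"]:
            raise ResolverDown(name)
        return zone_data.get(name, [])
    return resolve
```

The cache only protects against outages; it does nothing against an impersonated source, which needs an authenticated channel.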