[db-wg] source: field for non RIPE address space
- Previous message (by thread): [db-wg] source: field for non RIPE address space
- Next message (by thread): [db-wg] restrict usage of RIPE-NCC-RPSL-MNT
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Piotr Strzyzewski
Piotr.Strzyzewski at polsl.pl
Fri Nov 14 22:45:07 CET 2014
On Fri, Nov 14, 2014 at 11:15:22AM +0000, Nick Hilliard wrote: Hi > There's been a bit of media panic recently about registration of non RIPE > address space in the RIPE IRRDB, e.g. > > > http://krebsonsecurity.com/2014/11/network-hijackers-exploit-technical-loophole > > The premise is that if you can register a prefix in a routing registry, > this will give you the ability to inject a prefix into the DFZ. > > We'll ignore the fact that what you actually need to inject a prefix into > the DFZ is a complicit transit provider and that most transit providers > don't use the IRRDBs for bgp leaf filtering anyway, and even if they did, > there are plenty of other IRRDBs where this information can be registered. > > But that aside, some organisations use IRRDB information extensively, > particularly IXPs running route servers. Many of these organisations > filter on source: because of the amount of trash in alternative IRRDBs. > > So, could the RIPE NCC database people consider using a different source: > value for non RIPE address space, so that it would be possible for irrdb > users to easily filter out authoritative data from non authoritative data? > > E.g. 185.6.36.0/22 might continue to have "source: RIPE", but a prefix like > "210.57.192.0/20" might have "source: RIPE-NONAUTH". This is a good idea, taking into account comments made by Kaveh. We should not throw the baby out with the bathwater. Piotr -- gucio -> Piotr Strzyżewski E-mail: Piotr.Strzyzewski at polsl.pl
- Previous message (by thread): [db-wg] source: field for non RIPE address space
- Next message (by thread): [db-wg] restrict usage of RIPE-NCC-RPSL-MNT
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]