[routing-wg] /24 prefix "hijackability" metric (defining "better than avg AS")
- Previous message (by thread): [routing-wg] /24 prefix "hijackability" metric (defining "better than avg AS")
- Next message (by thread): [routing-wg] /24 prefix "hijackability" metric (defining "better than avg AS")
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
nusenu
nusenu-lists at riseup.net
Tue Sep 25 22:32:00 CEST 2018
Sandra Murphy wrote: >> On Tue, Aug 14, 2018 at 07:58:00PM +0000, nusenu wrote: >>> I'm currently estimating how "vulnerable" certain IP addresses are to >>> BGP hijacking. >>> >>> To do that, I put them into different categories (multiple can apply): >>> >>> a) RPKI validity state is "NotFound" (no ROA) and IP located in a prefix shorter than /24 (IPv4) or /48 (IPv6) >>> b) Valid ROA but weak maxlength >>> c) Valid ROA with proper maxlength > > Are “weak” and “proper” defined in terms of presence or absence in the global routing update database? I probably should have used the same wording as the related Internet-Draft uses: weak: a "loose ROA" proper: a "minimal ROA" as described in: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpkimaxlen > You say ‘estimating how “vulnerable”’, so this is an ordering, right? (a) is most vulnerable? correct, my assumption is that (a) is most vulnerable. > I’m wondering how this vulnerability order applies to IRR route objects as well. I also looked at IRR coverage [1] but I only considered RIPE's IRR because most prefixes I analyzed were from the RIPE region and RIPE has the best data quality/authorization checks. [1] Figure 6: https://medium.com/@nusenu/how-vulnerable-is-the-tor-network-to-bgp-hijacking-attacks-56d3b2ebfd92 kind regards, nusenu -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <https://lists.ripe.net/ripe/mail/archives/routing-wg/attachments/20180925/2775b166/attachment.sig>
- Previous message (by thread): [routing-wg] /24 prefix "hijackability" metric (defining "better than avg AS")
- Next message (by thread): [routing-wg] /24 prefix "hijackability" metric (defining "better than avg AS")
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]