[routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)
- Previous message (by thread): [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)
- Next message (by thread): [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gert Doering
gert at space.net
Sun Nov 3 20:13:51 CET 2019
Hi, On Sun, Nov 03, 2019 at 07:12:54PM +0300, Alexander Azimov wrote: > Let discuss the next scenario: there are two prefixes: x.x.0.0/24 and > x.x.1.0/24, first one assigned to an ISP, second - unallocated. The > proposal suggests that RIPE should create ROA with AS0 for x.x.1.0/24. Will > it stop an attacker from squatting this address space? > > The answer will be No. An attacker will still be able to hijack x.x.0.0/23, > which will have an 'unknown' status and will be passed on, as a result > finally capturing traffic for x.x.1.0/24. This is unfortunate. But indeed, it would make this change far less effective for the cases I had in mind. So I am reconsidering and joining the "it might be somewhat beneficial, but there are more important RPKI things to fix" camp. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <https://lists.ripe.net/ripe/mail/archives/routing-wg/attachments/20191103/dfd1bdd9/attachment.sig>
- Previous message (by thread): [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)
- Next message (by thread): [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]