This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
- Previous message (by thread): [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
- Next message (by thread): [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jens Ott - Opteamax GmbH
jo at opteamax.de
Mon Jun 9 16:20:54 CEST 2014
On 9. Juni 2014 15:53:15 MESZ, Hank Nussbacher <hank at efes.iucc.ac.il> wrote: >At 14:49 09/06/2014 +0200, João Damas wrote: >>Dear all, >>at the recent RIPE 68 meeting there was a discussion about issues >>concerning the re-issue of recovered 16-bit ASNs by the RIPE NCC and >>possible modifications to the content of routing-related attributes in > >>RIPE Database objects, namely the routing policy attributes of autnum >and >>as-set objects. >> >>The observed consensus during the meeting was that: >> >>- the RIPE NCC should not to remove references to recovered ASNs from >>import and export lines, and neither from as-set objects; routing >policies >>are the realm of the object owner and are not related to allocation >data. > >On a related matter, is it possible currently to setup my aut-num that >if >anyone adds my autnum to their import/export/as-set objects I would >receive >a notification about it? Currently the "notify" field only informs me >of >changes to the specific aut-num, not people who reference my aut-num >w/o my >permission? > >If this is not feasible with the system today, would it be possible to >add >this feature? I'll explain the rationale: we have recently discovered >that >hostile aut-num's that intend to perform a BGP hijack, will add the >victims >aut-num to their routing policy or to their unsuspecting upstream. >This >policy is then picked up as legitimate and propogated. By having a >"notify-on-policy" email address field, I would be able to quickly see >who >is planning on hijacking my IP ranges. > >Comments? > I fully support your point. I also observed what you told here. Therefore we enhanced our Prefixlist-Generator doing counter-checks if an import statement also have a corresponding export - statement. Result is, that the prefixlist generation takes about 10 times longer, our caching database grew by factor eight (as we now also need to cache autnum objects of child- and grandchild-objects) ... So a "notify-on-policy" - how you called it - would be very appreciated! BR Jens >Thanks, >Hank > > > > > >!DSPAM:637,5395bdec188062364380171! -- Jens Ott Opteamax GmbH Simrockstr. 4G 53619 Rheinbreitbach Tel. +49 2224 969500 Email: jo at opteamax.de
- Previous message (by thread): [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
- Next message (by thread): [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]