This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] AS43890
- Previous message (by thread): [anti-abuse-wg] AS43890
- Next message (by thread): [anti-abuse-wg] AS43890
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sander Steffann
sander at steffann.nl
Mon Nov 17 09:21:23 CET 2014
Hi Ronald, > It now seems certain to me that the absence of anything even remotely > approximating proper validation of RIPE route objects is not, in fact, > a problem which is limited to just inter-RiR situations. Apparently, > RIPE member LIRs can just as easily hijack the IP blocks of other > RIPE members as they can in the case of IP blocks belonging to parties > in other regions. I don't think so... To be able to create the route object route: 188.229.1.0/24 descr: Netserv-Client origin: AS43890 mnt-by: NETSERV-MNT source: RIPE Authorisation from both the address block inetnum: 188.229.0.0 - 188.229.63.255 netname: LTE-4G descr: new service for data country: IR admin-c: RL7844-RIPE tech-c: RL7844-RIPE status: ASSIGNED PA mnt-by: MCCI-MNT source: RIPE and the AS number aut-num: AS43890 as-name: NETSERV-AS descr: Netserv Consult SRL [...] org: ORG-SNCS6-RIPE status: ASSIGNED mnt-by: NETSERV-MNT mnt-by: RIPE-NCC-END-MNT mnt-routes: NETSERV-MNT source: RIPE is required. So the route cannot be created unless MCCI-MNT and NETSERV-MNT both authorise it. I understand that the route objects look a little weird, but what makes you think that it is an authorisation problem in the RIPE DB that made it possible for someone to create them? Cheers, Sander
- Previous message (by thread): [anti-abuse-wg] AS43890
- Next message (by thread): [anti-abuse-wg] AS43890
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]