This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15
Suresh Ramasubramanian
ops.lists at gmail.com
Fri Apr 5 01:43:39 CEST 2019
You might find a hijacked prefix advertised solely to a single asn at an ix where it peers, and this for the purpose of spamming to or otherwise attacking whoever owns the asn. Most of these targeted announcements might not even be visible to anyone else.

—srs

________________________________
From: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> on behalf of Nick Hilliard <nick at foobar.org>
Sent: Friday, April 5, 2019 3:19 AM
To: Carlos Friaças
Cc: anti-abuse-wg at ripe.net; Ronald F. Guilmette
Subject: Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 89, Issue 15

Carlos Friaças via anti-abuse-wg wrote on 04/04/2019 21:58:
> On Thu, 4 Apr 2019, Ronald F. Guilmette wrote:
>> Why have Tier 1 providers not stepped up and done a much better job
>> of policing hijacks better than they have done?
>
> Not all hijacks reach the so-called DFZ.
>
> "Partial visibility" hijacks can happen without touching any of the
> Tier-1s....

People generally hijack prefixes in order to make money. If hijacked prefixes are not generally visible in the internet, then the value of the hijacking is a good deal lower because the reach is smaller.

In order to stop something like hijacking from being a problem, you don't need to make it impossible to perpetrate - you just need to reduce the value to the point that it's not worth doing it.

What makes hijacking attractive is when transit service providers don't filter ingress prefixes from their customers. The value of hijacking at an IXP will be proportional to the size of the IXP and whether the IXP has implemented filtering policies at their route servers. Direct peering sessions are troublesome, as they generally don't implement prefix filtering.

But transit providers are where the bulk of the problem lies, and where efforts need to be concentrated in order to handle the issue. MANRS is one part of this effort.

Nick
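The ingress prefix filtering discussed in the message above, sketched as an added example that is not part of the thread or of any project's code: a default-deny check of routes received on customer sessions against a per-customer allow-list. The function names, the allow-list contents and the sample routes are constructed for illustration, and the list is assumed to be generated from registry (IRR/RPKI) data.

```python
import ipaddress

# Constructed sample data: documentation prefixes and reserved ASNs.
# Assumption: the per-customer list is generated from registry (IRR/RPKI) data.
CUSTOMER_FILTERS = {
    64500: [("192.0.2.0/24", 24), ("2001:db8::/32", 48)],
    64501: [("198.51.100.0/24", 24)],
}

def check_announcement(neighbor_asn, prefix, as_path):
    """Return (accepted, reason) for one route received on a customer session."""
    entries = CUSTOMER_FILTERS.get(neighbor_asn)
    if entries is None:
        return False, "no filter for neighbor"  # default deny
    if not as_path or as_path[0] != neighbor_asn:
        return False, "path does not start with neighbor"
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    for allowed, max_len in entries:
        allowed_net = ipaddress.ip_network(allowed)
        if net.version == allowed_net.version and net.subnet_of(allowed_net):
            if net.prefixlen > max_len:
                return False, "more specific than allowed"
            return True, "registered to neighbor"
    return False, "prefix not registered to neighbor"

def filter_session(routes):
    """Split received routes into accepted prefixes and rejected (prefix, reason)."""
    accepted, rejected = [], []
    for neighbor_asn, prefix, as_path in routes:
        ok, reason = check_announcement(neighbor_asn, prefix, as_path)
        if ok:
            accepted.append(prefix)
        else:
            rejected.append((prefix, reason))
    return accepted, rejected

# Constructed announcements; 203.0.113.0/24 stands in for a prefix the
# customer has no registration for.
SAMPLE_ROUTES = [
    (64500, "192.0.2.0/24", [64500]),
    (64500, "203.0.113.0/24", [64500]),
    (64500, "192.0.2.128/25", [64500]),
    (64500, "2001:db8:1::/48", [64500]),
    (64502, "198.51.100.0/24", [64502]),
]

if __name__ == "__main__":
    print(filter_session(SAMPLE_ROUTES))
```

The same check applies to an IXP route server or a direct peering session; only the source of the allow-list differs.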