This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[anti-abuse-wg] Defining routing abuse

Previous message (by thread): [anti-abuse-wg] Defining routing abuse
Next message (by thread): [anti-abuse-wg] Defining routing abuse

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Töma Gavrichenkov ximaera at gmail.com
Sat Apr 13 16:50:32 CEST 2019

On Sat, Apr 13, 2019 at 3:55 PM Doug Madory <douglas.madory at oracle.com> wrote:
> > Should that also be treated as a policy violation? This is clearly intentional.
> I believe what’s described in the Qrator article could be a leaking route optimizer (like Noction) not a new hijack type.

Probably. The title of the article refers mostly to the imaginary case
in the "ideal attack" section, not to the particular incident.

But, anyway, it is a hijack by perception: the LIR managing the
prefixes didn't authorize the split announcement. Also, frankly, it's
not really clear if it's an optimizer just *leaking* or that's on
purpose.

My point is exactly that: figuring out whether there's an intent
behind a routing violation or not is hard.

--
Töma

Previous message (by thread): [anti-abuse-wg] Defining routing abuse
Next message (by thread): [anti-abuse-wg] Defining routing abuse

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ anti-abuse-wg Archives ]