This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] source: field for non RIPE address space
- Previous message (by thread): [db-wg] source: field for non RIPE address space
- Next message (by thread): [db-wg] restrict usage of RIPE-NCC-RPSL-MNT
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Piotr Strzyzewski
Piotr.Strzyzewski at polsl.pl
Fri Nov 14 22:45:07 CET 2014
On Fri, Nov 14, 2014 at 11:15:22AM +0000, Nick Hilliard wrote: Hi > There's been a bit of media panic recently about registration of non RIPE > address space in the RIPE IRRDB, e.g. > > > http://krebsonsecurity.com/2014/11/network-hijackers-exploit-technical-loophole > > The premise is that if you can register a prefix in a routing registry, > this will give you the ability to inject a prefix into the DFZ. > > We'll ignore the fact that what you actually need to inject a prefix into > the DFZ is a complicit transit provider and that most transit providers > don't use the IRRDBs for bgp leaf filtering anyway, and even if they did, > there are plenty of other IRRDBs where this information can be registered. > > But that aside, some organisations use IRRDB information extensively, > particularly IXPs running route servers. Many of these organisations > filter on source: because of the amount of trash in alternative IRRDBs. > > So, could the RIPE NCC database people consider using a different source: > value for non RIPE address space, so that it would be possible for irrdb > users to easily filter out authoritative data from non authoritative data? > > E.g. 185.6.36.0/22 might continue to have "source: RIPE", but a prefix like > "210.57.192.0/20" might have "source: RIPE-NONAUTH". This is a good idea, taking into account comments made by Kaveh. We should not throw the baby out with the bathwater. Piotr -- gucio -> Piotr Strzyżewski E-mail: Piotr.Strzyzewski at polsl.pl
- Previous message (by thread): [db-wg] source: field for non RIPE address space
- Next message (by thread): [db-wg] restrict usage of RIPE-NCC-RPSL-MNT
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]