[routing-wg] /24 prefix "hijackability" metric (defining "better than avg AS")

Job Snijders wrote:
> On Tue, Aug 14, 2018 at 07:58:00PM +0000, nusenu wrote:
>> I'm currently estimating how "vulnerable" certain IP addresses are to
>> BGP hijacking.
>>
>> To do that, I put them into different categories (multiple can apply):
>>
>> a) RPKI validity state is "NotFound" (no ROA) and IP located in a prefix shorter than /24 (IPv4)  or /48 (IPv6)
>> b) Valid ROA but weak maxlength
>> c) Valid ROA with proper maxlength
>> d) is announced in a /24 prefix (IPv4) or /48 (IPv6)
>> e) = (c) + (d)
> 
> Interesting approach! This is the first time I've seen someone phrase it
> this formally, but you are correct I think.

thanks for the feedback, I'm glad it made some sense.

context: 
I wrote that email while putting together this post:
https://medium.com/@nusenu/how-vulnerable-is-the-tor-network-to-bgp-hijacking-attacks-56d3b2ebfd92
(specifically the "what properties do we consider?" section)

In the end I went ahead with "Approach 2" and used the following definition:

 'we consider all ASes with an AS rank <= 10000 to be “better connected than the attacking AS”'

which split the /24 prefixes I looked at in about half (10 vs. 9 as seen in Figure 3).


kind regards,
nusenu

-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: </ripe/mail/archives/routing-wg/attachments/20180925/5743d1ff/attachment.sig>