[lacnog] IP Squatting en la region?

Roque Gagliano rgaglian en gmail.com
Vie Feb 6 18:53:41 BRST 2015


Doug,

I do not find a relationship between this incident and prefix hijacking,
which is the center of your blog post. This incident was really about
NAT444.

I did read your post and find it very interesting as more evidence that the
problem of hijacking is very real.

Now, I do not follow your conclusion. Seams to me that all the incidents
that you detected but incident number 5 could be detected and removed by
implementing RPKI and BGP origin validation, without the need for BGPSEC.
RPKI and origin validation is available today to be implemented.
Particularly, the LACNIC region has already 26% adoption of RPKI objects
(and growing). Unfortunately, I did not find any reference to RPKI and
origin validaiton in your blogpost.

Moreover, you mention Dr Goldberg's work, whose conclusions includes the
sentence:
"Research suggests, however, that the combination of RPKI with prefix
filtering could significantly improve routing security; both solutions are
based on whitelisting techniques and can reduce the number of ASes that are
impacted by prefix hijacks, route leaks, and path-shortening attacks."

Your work seams to validate her claim, as all but one incident would be
detected and mitigated by RPKI and origin validation.

Regards,
Roque


On Fri, Feb 6, 2015 at 9:37 PM, Doug Madory <dmadory en renesys.com> wrote:

> FWIW, I wrote a blog post recently about fraudulent routing:
>
> http://research.dyn.com/2015/01/vast-world-of-fraudulent-routing/
>
>
> Doug Madory
> Director of Internet Analysis, Dyn @dynresearch
> Hanover, NH                      +1 603-263-6868
>
> Dyn is a cloud-based Internet Performance company
> http://dyn.com/about/
>
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
>


-- 


At least I did something
Don Draper - Mad Men
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20150206/b8cf0bd8/attachment.html>


Más información sobre la lista de distribución LACNOG