nanog mailing list archives

Re: Need for historical prefix blacklist (`rogue' prefixes) information


From: Amir Herzberg <amir.lists () gmail com>
Date: Sat, 30 Oct 2021 09:55:57 -0400

I am very grateful for the help I received from several people (mostly off
list, which is great to avoid spamming the list).

In particular, +Giotsas, Vasileios <v.giotsas () lancaster ac uk>, introduced
by Joe Provo, provided a wonderful RIPE resource which provides a convenient
API to data from (at least) UCEprotect and SpamHaus, perfectly meeting our
current needs: https://stat.ripe.net/docs/data_api#blocklist.

Let me also use this email to briefly comment on two points from Matthew
Walster's posts; and Matthew, I really come in peace, I have a lot of
respect for you and your work, but we can also disagree on some things,
right? So:

1. Matthew's email basically seemed to imply intentional hijacks are not a
concern (rare/non-existent?). A few measurement works seem to show the
contrary; I esp. recommend the `Profiling BGP serial hijackers' paper from
IMC'19 by a team of excellent researchers.

2. A bit off-topic, Matthew's response to Dora Crisan seems to imply BGP
eavesdropping for eventual cryptanalysis, possibly using Quantum computing,
isn't a concern. On the one hand, I agree that Quantum computing seems
still quite far from the ability to break state-of-art PKC, and it may be
long till it becomes practical (if ever). OTOH, it may also not take that long;
also, `conventional' cryptanalysis may still happen, e.g., see
Schnorr's recent paper, ia.cr/2021/232, which claimed to `destroy' RSA
[withdrawn later, so apparently even Schnorr can err - that's part of
science - but this doesn't mean the next effort won't succeed or that some
TLA (three lettered adversaries) didn't succeed already]. TLAs may have
other motivations for eavesdropping, like collecting meta-data. Now, I am
sure many customers and providers may not care about security against such
TLAs, but I think it is legitimate for some people to be concerned.

Best, Amir
-- 
Amir Herzberg

Comcast professor of Security Innovations, Computer Science and
Engineering, University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography' textbook and lectures:
 https://sites.google.com/site/amirherzberg/applied-crypto-textbook




On Thu, Oct 28, 2021 at 7:48 PM Amir Herzberg <amir.lists () gmail com> wrote:

Hi NANOGers, for our research on ROV (and ROV++, our extension, NDSS'21),
we need access to historical data of blacklisted prefixes (due to spam,
DDoS, other), as well as suspect-hijacks list (beyond BGPstream which we
already have).

Basically we want to measure the overlap (and non-overlap) between such
`suspect' prefixes and ROV-Invalid prefixes.

Any help would be appreciated. I'm not sure the list would be interested
so I recommend you respond to me privately; if there are useful responses,
I could post a summary to the list after a few days (of collecting responses,
if any).

thanks and regards... Amir
--
Amir Herzberg

Comcast professor of Security Innovations, Computer Science and
Engineering, University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography' textbook and lectures:
 https://sites.google.com/site/amirherzberg/applied-crypto-textbook
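
The overlap measurement requested in the message above, as an added example that is not part of the original thread or the authors' research code: it classifies each announcement with RFC 6811 origin validation and cross-tabulates the result against a blocklist. All prefixes, ASNs and the rule that "suspect" means address overlap with a blocklisted prefix are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation prefixes and ASNs, not measurements).
VRPS = [  # (ROA prefix, maxLength, authorized origin AS)
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
]
ANNOUNCEMENTS = [  # (announced prefix, origin AS)
    ("192.0.2.0/24", 64496),     # matches its ROA
    ("192.0.2.128/25", 64496),   # right origin, but longer than maxLength
    ("198.51.100.0/24", 64511),  # covered by a ROA, wrong origin
    ("203.0.113.0/24", 64500),   # no covering ROA
]
BLOCKLIST = ["198.51.100.0/24", "203.0.113.0/24"]


def rov_state(prefix, origin, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in vrps:
        roa = ipaddress.ip_network(roa_prefix)
        if roa.version != route.version or not route.subnet_of(roa):
            continue  # this VRP does not cover the route
        covered = True
        if asn == origin and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one VRP but matched by none means invalid.
    return "invalid" if covered else "notfound"


def overlap_table(announcements, vrps, blocklist):
    """Count announcements per (ROV state, overlaps blocklist?) cell."""
    listed = [ipaddress.ip_network(p) for p in blocklist]
    table = {}
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        suspect = any(net.version == b.version and net.overlaps(b)
                      for b in listed)
        key = (rov_state(prefix, origin, vrps), suspect)
        table[key] = table.get(key, 0) + 1
    return table


if __name__ == "__main__":
    for (state, suspect), n in sorted(
            overlap_table(ANNOUNCEMENTS, VRPS, BLOCKLIST).items()):
        print(f"{state:9} blocklisted={suspect!s:5} count={n}")
```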



