nanog mailing list archives
Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)
From: Yang Xiang <xiangy08 () csnet1 cs tsinghua edu cn>
Date: Fri, 20 Jan 2012 21:08:22 +0800
2012/1/20 Arturo Servin <aservin () lacnic net>

> On 20 Jan 2012, at 10:38, Yang Xiang wrote:
>
>> RPKI is great. But, firstly, ROA doesn't cover all the prefixes now, we
>> need an alternative service to alert hijackings.
>
> Or to sign your prefixes.

Signing prefixes is the best way. Before signing all prefixes, it is better
if we have a detection service.

>> secondly, ROA can only secure the 'Origin AS' of a prefix,
>
> That's true.
>
>> while Argus can discover potential hijackings caused by anomalous AS path.
>
> Can you explain how?

Only an imprecise detection. Section III.C in our paper:
http://argus.csnet1.cs.tsinghua.edu.cn/static/Argus.FIST11.pdf

A brief explanation is: If an anomalous AS path hijacked a prefix, I can get
replies in normal route-servers, and cannot get a reply in abnormal
route-servers. Here we only consider hijackings that black-hole the prefix.
If a hijacking doesn't black-hole the prefix (i.e., redirect, interception,
...), it is hard to detect :(

I think network operators are only careless, but not trust-less, so
black-hole hijacking is the majority case.

>> After ROA and BGPsec are deployed in the entire Internet (or, in all of
>> your network), Argus will stop the service :)
>
> I was just suggesting to add a more deterministic way to detect hijacks.

Sorry for my poor English :(
What I want to say is, RPKI is really good, Argus is just an alternative,
before we can protect ourselves using signatures, honestly :-)

Best regards!

> Regards,
> as
>
>> --
>> _________________________________________
>> Yang Xiang. Ph.D candidate. Tsinghua University
>> Argus: argus.csnet1.cs.tsinghua.edu.cn

--
_________________________________________
Yang Xiang. Ph.D candidate. Tsinghua University
Argus: argus.csnet1.cs.tsinghua.edu.cn
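
The correlation described in the message above (eyes on the normal path get replies, eyes on the anomalous path do not), as an added sketch that is not part of the original message and not the Argus implementation or the algorithm of the paper's Section III.C. The `Eye` record, the `classify` function, the 0.8 threshold, the AS numbers and the sample observations are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Eye:
    """One vantage point (route server) observation for a single prefix."""
    name: str
    as_path: tuple   # AS path this eye currently selects for the prefix
    got_reply: bool  # did a probe sent from this eye to the prefix get a reply?

def classify(eyes, baseline_paths, threshold=0.8):
    """Correlate control plane (is the path anomalous?) with data plane (reply?).

    threshold is an assumed cut-off, not a value taken from the paper.
    """
    anomalous = [e for e in eyes if e.as_path not in baseline_paths]
    normal = [e for e in eyes if e.as_path in baseline_paths]
    if not anomalous:
        return "no-anomaly"
    if not normal:
        return "inconclusive"  # no unaffected eye to compare against
    # An eye "agrees" with the black-hole hypothesis when a normal path still
    # gets a reply, or an anomalous path gets none.
    agree = sum(e.got_reply for e in normal) + sum(not e.got_reply for e in anomalous)
    if agree / len(eyes) >= threshold:
        return "blackhole-hijack-suspected"
    if all(e.got_reply for e in anomalous):
        # Redirect or interception looks like this too: not decidable here.
        return "anomaly-still-reachable"
    return "inconclusive"  # e.g. the prefix is down for everyone

# Constructed sample: documentation ASNs, origin AS 64496 in every path, so an
# origin-only check would accept all five routes.
BASELINE = {(64500, 64501, 64496), (64502, 64501, 64496)}
SAMPLE = [
    Eye("rs1", (64500, 64501, 64496), True),
    Eye("rs2", (64502, 64501, 64496), True),
    Eye("rs3", (64500, 64501, 64496), True),
    Eye("rs4", (64503, 64510, 64496), False),
    Eye("rs5", (64504, 64510, 64496), False),
]

if __name__ == "__main__":
    print(classify(SAMPLE, BASELINE))
```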