nanog mailing list archives

Re: IPv4 Hijacking For Idiots


From: Mark Andrews <marka () isc org>
Date: Wed, 07 Jun 2017 11:13:41 +1000


In message <CAL9jLaZNRdE0gL4nVn93vhv1BOBtx0EKgJet8pVXa3Mve1Gy_Q () mail gmail com>, Christopher Morrow writes:

On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews <marka () isc org> wrote:

Now we could continue discussing how easy it is to hijack addresses
or we could spend the time addressing the problem.  All it takes is
a couple of transit providers to no longer accept word-of-mouth and
the world will transition overnight.

I don't think any transit providers were used in the previous thread worth
of examples/comms...
I don't know that IXP folk either:
  1) want to be the police of this
  2) should actually be the police of this (what is internet abuse? from
whose perspective? oh...)

The 'solution' here isn't new though... well, one solution anyway:
  https://tools.ietf.org/html/rfc6810

You missed the point.  We have the mechanisms to prevent hijacking
today.  We just need to use them and stop using the traditional
mechanisms which cannot be mathematically verified as correct.

Getting to that stage requires several companies to simultaneously
say "we will no longer accept <list> as valid mechanisms to verify
route announcements.  You need to use X or else we won't accept
the announcement".  Yes, this requires guts to do.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org

