On 2/10/2004 4:47 PM, Yakov Shafranovich sent forth electrons to convey:
Hallam-Baker, Phillip wrote:
Just to clarify some of my earlier comments.
I do think this is a serious issue. That does not mean I believe that the
existing security mechanisms are entirely inadequate. It simply means that I
think we should try to understand whether this is the case or not.
Is this threat any worse than all of the possible threats against DNS?
If it is on the same level, then we should just mention both in the
discussion document. That should be sufficient.
I think it's at least as bad, as we know BGP attacks of the kind we're
discussing are occurring regularly in the wild, while I at least don't
know that's the case for DNS attacks of the kind we're discussing (I
know there are DNS attacks of other types, which don't concern us
occurring regularly). I think that's all we can do. Perhaps the sorbs
folks could be asked what fraction of the lookups that are hits are hits
in hijacked IP space.
(I'm tempted to suggest that we suggest that a scoring system weigh
listing in a DNSRBL of stolen IP space more heavily than an OK from
LMAP, but won't; it's currently not in LMAP's scope.)
And the probability of small BGP attacks of the kind we're discussing is
close to 1.
As for solutions, it might be something that the routing folks need to
deal with. I am not sure if we have the mandate or the expertise to
deal with it.
I agree, it's not for us to deal with.
Yakov
PHB wrote:
Far worse in that it brings down large parts of the Internet in
the worst case - for real.
The probability of it being realized is lower, the consequences
are much higher.
Actually, the probability of BGP attacks that take over small parts of
the Internet is close to 1 - it is going on now; see the link in my
previous email -
www.completewhois.com has long lists of bogons and hijacked IP subnets,
many of them current, and some of them not so small - e.g. current /8
bogons, current /16 hijacks, and past /8 hijacks.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg