I am very grateful for the help I received from several people (mostly off list, which is great to avoid spamming the list). In particular, +Giotsas, Vasileios <v.giotsas@lancaster.ac.uk>, introduced by Joe Provo, provided a wonderful RIPE resource which provides a convenient API to data from (at least) UCEprotect and SpamHaus, perfectly meeting our current needs: https://stat.ripe.net/docs/data_api#blocklist.

Let me also use this email to briefly comment on two points from Matthew Walster's posts; and Matthew, I really come in peace, I have a lot of respect for you and your work, but we can also disagree on some things, right? So:

1. Matthew's email basically seemed to imply intentional hijacks are not a concern (rare/non-existent?). A few measurement works seem to show the contrary; I esp. recommend the `Profiling BGP serial hijackers' paper from IMC'19 by a team of excellent researchers.

2. A bit off-topic, Matthew's response to Dora Crisan seems to imply BGP eavesdropping for eventual cryptanalysis, possibly using Quantum computing, isn't a concern. On the one hand, I agree that Quantum computing seems still quite far from the ability to break state-of-the-art PKC, and it may be long till it becomes practical (if ever). OTOH, it may also not take that long; also, `conventional' cryptanalysis may still happen, e.g., see Schnorr's recent paper, ia.cr/2021/232, which claimed to `destroy' RSA [withdrawn later, so apparently even Schnorr can err - that's part of science - but this doesn't mean next effort won't succeed or that some TLA (three lettered adversaries) didn't succeed already]. TLAs may have other motivations for eavesdropping, like collecting meta-data. Now, I am sure many customers and providers may not care about security against such TLAs, but I think it is legitimate for some people to be concerned.

Best, Amir
--
Amir Herzberg
Comcast professor of Security Innovations, Computer Science and Engineering, University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography' textbook and lectures: https://sites.google.com/site/amirherzberg/applied-crypto-textbook

On Thu, Oct 28, 2021 at 7:48 PM Amir Herzberg <amir.lists@gmail.com> wrote:
Hi NANOGers, for our research on ROV (and ROV++, our extension, NDSS'21), we need access to historical data of blacklisted prefixes (due to spam, DDoS, other), as well as suspect-hijacks list (beyond BGPstream which we already have).
Basically we want to measure the overlap (and non-overlap) btw such `suspect' prefixes and ROV-Invalid prefixes.
Any help would be appreciated. I'm not sure the list would be interested so I recommend you respond to me privately; if there are useful responses, I could post a summary to the list after a few days (of collecting responses, if any).
thanks and regards... Amir
--
Amir Herzberg
Comcast professor of Security Innovations, Computer Science and Engineering, University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography' textbook and lectures: https://sites.google.com/site/amirherzberg/applied-crypto-textbook
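
The overlap measurement described in the quoted request can be sketched as follows. This is an added example, not code from the email or from the ROV++ project: it classifies announcements with RFC 6811 origin validation and then splits them by whether they overlap a blocklisted prefix. The ROAs, announcements and blocklist entries are constructed sample data, the function names are hypothetical, and treating any address-range overlap as a blocklist match is an assumption.

```python
import ipaddress

# Constructed sample data (documentation prefixes, private-use ASNs); not real measurements.
ROAS = [  # (prefix, maxLength, authorized origin ASN)
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 64501),
    ("2001:db8::/32", 48, 64502),
]
ANNOUNCEMENTS = [  # (prefix, origin ASN)
    ("192.0.2.0/24", 64500),     # valid
    ("192.0.2.128/25", 64500),   # invalid: longer than maxLength
    ("198.51.100.0/24", 64666),  # invalid: origin not authorized
    ("203.0.113.0/24", 64503),   # not-found: no covering ROA
    ("2001:db8:1::/48", 64502),  # valid
]
BLOCKLISTED = ["192.0.2.128/25", "203.0.113.0/24"]

def rov_state(prefix, origin, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        if net.prefixlen <= max_len and origin == roa_asn:
            return "valid"
    # Covered by at least one ROA but matched by none means invalid.
    return "invalid" if covered else "not-found"

def overlaps_any(prefix, others):
    """True if prefix shares address space with any entry (assumed match rule)."""
    net = ipaddress.ip_network(prefix)
    nets = (ipaddress.ip_network(o) for o in others)
    return any(net.version == o.version and net.overlaps(o) for o in nets)

def overlap_report(announcements=ANNOUNCEMENTS, blocklisted=BLOCKLISTED):
    """Split announced prefixes into ROV-invalid and/or blocklisted sets."""
    invalid = {p for p, asn in announcements if rov_state(p, asn) == "invalid"}
    listed = {p for p, _ in announcements if overlaps_any(p, blocklisted)}
    return {
        "invalid_and_listed": invalid & listed,
        "invalid_only": invalid - listed,
        "listed_only": listed - invalid,
    }

if __name__ == "__main__":
    for name, prefixes in overlap_report().items():
        print(name, sorted(prefixes))
```

Note that the valid covering prefix 192.0.2.0/24 lands in `listed_only` because it overlaps the blocklisted /25; a stricter match rule (exact prefix, or announcement contained in the listed prefix) would change that count.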