On Wed, 2006-06-07 at 11:01 -0700, Josh Karlin wrote:
Check out the IAR for "Potential Prefix Hijacks" and if you're coming to this more than 24 hours after the post, do a search on AS 23520 as the hijacking AS.
I don't know how long the routes were announced, but they seem to be gone now. Or maybe the IAR is horribly broken, in which case I will be lynched :)
You are the broken part, due to the mere simple fact that you accept those routes. That your uplinks are accepting them also means that you are not paying them enough so that they don't accept them either. But in ARIN land you have an excuse, more or less, as there is not a real 'good' routing database. In RIPE land we at least have route+route6 objects in the RIPE database where one can filter on, but that is only for RIPE. A sane and complete routing information database would already considerably help here. RADB is nice but does not help much to make the info complete. Also anybody can then still announce the prefix with the correct source ASN and other nasty tricks. In the end, the complete solution to most of these issues will be in the form of S-BGP (http://www.ir.bbn.com/sbgp/) and similar solutions. And the IETF is fortunately working on this: http://www.ietf.org/html.charters/sidr-charter.html It might take some time still, but it will come one day and then these issues are gone. At the moment you'll just have to trust your peers and try to get them to implement a sane policy on what kind of announcements they accept or not. Greets, Jeroen