Re: SYN flood messages flooding my mailbox
At 04:15 PM 9/17/96 -0400, Curtis Villamizar wrote:
Of course, if by "known route" you mean known because it is in the IRR, and the IRR is known to be reliable, then I accept your argument but caution that the IRR is not always reliable, but this is yet another reason to make it more reliable.
Curtis, This is also a valid argument for *not* relying on the IRR for security issues. - paul
In message <2.2.32.19960918115159.0069ee30@lint.cisco.com>, Paul Ferguson write s:
At 04:15 PM 9/17/96 -0400, Curtis Villamizar wrote:
Of course, if by "known route" you mean known because it is in the IRR, and the IRR is known to be reliable, then I accept your argument but caution that the IRR is not always reliable, but this is yet another reason to make it more reliable.
Curtis,
This is also a valid argument for *not* relying on the IRR for security issues.
- paul
I agree with you on this point but I don't think the security issues with the IRR are unsolvable. Making sure hierarchical authorization changes are deployed at all registries and enabling the PGP authentication would certainly help. Hierarchical authorization would require that registries recognize IANA as the numbering authority and install top level objects based on IANA top level delegations. This would require a strong tie between numbering allocations and routing registry. Right now any bozo can come along and claim a quarter or half the number space. Curtis
participants (2)
-
Curtis Villamizar -
Paul Ferguson