-- "Tomas L. Byrnes" <tomb@byrneit.net> wrote:
It seems to me that a more immediately germane matter regarding BGP route propagation is prevention of hijacking of critical routes.
The best you can _probably_ hope for is a opt-in mechanism in which you are alerted that prefixes you have "registered" with the aforementioned system are being originated by an ASN which is not authorized to originate them. A lot of smart folks have given some thought to this exact issue, and perhaps one of the best examples of this is: "PHAS: A Prefix Hijack Alert System" Mohit Lad, Dan Massey, Dan Pei, Yiguo Wu, Beichuan Zhang, and Lixia Zhang Proceedings of 15th USENIX Security Symposium 2006 http://www.cs.ucla.edu/~mohit/cameraReady/ladSecurity06.pdf - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
On Sun, Feb 24, 2008 at 10:41:26PM +0000, Paul Ferguson wrote:
The best you can _probably_ hope for is a opt-in mechanism in which you are alerted that prefixes you have "registered" with the aforementioned system are being originated by an ASN which is not authorized to originate them.
http://www.ris.ripe.net/myasn.html Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
participants (2)
-
Daniel Roesen
-
Paul Ferguson