Don't let a route being registered in one of the routing registries lull you into a false sense of security (sic); there is zero to very little real authentication done on a route registration. It only takes an ounce (or less) of knowledge to register a route as being originated from any AS.
I have no illusion about the security of the routing registries. However they do have a couple of nice properties. Route registries show duplicate and overlapping route registrations. BGP only shows the "best" routes. This makes it a bit easier to notice there should be a "better" route. It also serves as a form of "double-entry accounting," so simple accidents can be detected.

Most RRs also maintain some type of audit trail. Which, as you point out, may or may not have a lot of authentication. For the non-malicious accident, it tells you who to talk to. For the malicious event, having a second source of data is helpful. I agree though RRs are less useful for this purpose.

I tend to be a fan of RRs for the double-entry bookkeeping reason, not because of any true authentication. Computers are good at detecting differences between two sets of data. Computers are not good at deciding right and wrong. I'm certain the mailing list will now enumerate the large number of problems of route authentication, and the several proposals in that area.
Do I think this is a real problem? It hasn't been so far, probably due to our cooperative and trusting nature >;). I think it would take quite some resources and reputation killing stupidity (or malice) to inject 'illegal' routes and then do something meaningful with them.
I think the answer to this is it may not have been a problem to you, so far. It is however a continuing problem for others. False route announcements happen nearly every day. Most don't happen to attract much attention because many of the victims are small sites, and the false announcements tend to be transient in nature. So many people just think it's the Internet being flaky again. Often I've found the victim doesn't even realize it happened to them.

False route announcements are popular with some spammers and crackers because it covers their origins a bit better. If you do manage to track down a false announcement, the originator always claims it was an accident. Although an unusually large number of accidental route announcements seem to originate in Hong Kong. But that may just be an artifact of the backbone they use, which can't be effectively filtered due to a lack of route information. The same thing may happen in other places, but they get filtered out by the routing registry information.

They seem to announce the route for only a few minutes, do their work, and are gone before anyone notices. The 'slowness' of the routing registry update process might cause people to notice their activities more. At the present time even when the backbone security people return my page a couple of hours later, the false route is gone, and the security folks say they don't see anything wrong when they look at the net 'now.'

--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation
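
Added example, not part of the original message: a sketch of the "double-entry" comparison described above, diffing routing registry registrations against origins observed in BGP. All prefixes and AS numbers are constructed documentation values, and the function names are hypothetical; the findings are differences to investigate, not verdicts.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation prefixes and documentation ASNs).
REGISTRY = [  # (prefix, origin AS) as registered in a routing registry
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64501),
    ("198.51.100.0/24", 64502),   # same prefix registered with a second origin
    ("203.0.113.0/24", 64503),
]
OBSERVED = [  # (prefix, origin AS) taken from BGP "best" routes
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64502),
    ("203.0.113.128/25", 64510),  # more-specific from an origin never registered
    ("2001:db8::/32", 64504),     # nothing registered covers this prefix
]

def registered_origins(registry):
    """Map each registered prefix to the set of origin ASes claiming it."""
    table = defaultdict(set)
    for prefix, asn in registry:
        table[ipaddress.ip_network(prefix)].add(asn)
    return table

def conflicting_registrations(registry):
    """Prefixes registered with more than one origin (BGP alone hides these)."""
    table = registered_origins(registry)
    return {str(net): sorted(asns) for net, asns in table.items() if len(asns) > 1}

def compare(registry, observed):
    """Return (prefix, origin, reason) for each observed route the registry
    does not account for. Covering (less-specific) registrations count."""
    table = registered_origins(registry)
    findings = []
    for prefix, asn in observed:
        net = ipaddress.ip_network(prefix)
        covering = [r for r in table
                    if r.version == net.version and net.subnet_of(r)]
        if not covering:
            findings.append((prefix, asn, "unregistered"))
        elif not any(asn in table[r] for r in covering):
            findings.append((prefix, asn, "origin-mismatch"))
    return findings

if __name__ == "__main__":
    print(conflicting_registrations(REGISTRY))
    for finding in compare(REGISTRY, OBSERVED):
        print(finding)
```

Because the false announcements described above last only minutes, a comparison like this is only useful when run against a continuously collected feed of observed routes rather than a snapshot taken after the fact.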