[Rpki-discuss] Routing incidents and RPKI

Carlos M. Martinez carlosm3011 at gmail.com
Tue May 29 21:28:00 SAST 2012


Hello all,

There was a full routing table leak at Telstra in Australia as recently
as this year, more info at http://labs.apnic.net/blabs/?p=139

However, bear in mind that the route leak issue is a rather thorny one,
where origin validation only will not always help you, although BGPSec
might.

In any case the RPKI is the stepping stone we need in order to look for
solutions to these issues.

Warm regards

Carlos

On 5/29/12 3:32 PM, ALAIN AINA wrote:
> Hi,
>
> Andrew asked for stats on IP blocks hijacking and BGP origin incidents that justify the needs for RPKI.
>
> Here you go......
>
> Apr 1997 – AS 7007 announced routes to all the Internet
> Apr 1998 – AS 8584 mis-announced 100K routes
> Dec 1999 – AT&T’s server network announced by another ISP – misdirecting their traffic (made the Wall Street Journal)
> May 2000 – Sprint addresses announced by another ISP
> Apr 2001 – AS 15412 mis-announced 5K routes
> Dec 24, 2004 – thousands of networks misdirected to Turkey
> Feb 10, 2005: Estonian ISP announced a part of Merit address space
> Sep 9, 2005 – AT&T, XO and Bell South (12/8, 64/8, 65/8) misdirected to Bolivia [the next day, Germany – prompting AT&T to deaggregate]
> Jan 22, 2006 – Many networks, including PANIX and Walrus Internet, misdirected to NY ISP (Con Edison (AS27506))
> Feb 26, 2006 - Sprint and Verio briefly passed along TTNET (AS9121 again) announcements that it was the origin AS for 4/8, 8/8, and 12/8
> Feb 24, 2008 – Pakistan Telecom announces /24 from YouTube
> March 2008 – Kenyan ISP’s /24 announced by AboveNet
> Frequent full table leaks, e.g., Sep08 (Moscow), Nov08 (Brazil), Jan09 (Russia)
> ........
>
> This type of incident occurs more frequently. Not all of them are publicized ...
>
>
> What about the unallocated and reserved blocks announcements? See
>
> http://thyme.rand.apnic.net/rviews/data-add-IANA
> http://www.cidr-report.org/as2.0/#Bogons
>
> On these lists there is an interesting case (affecting our resources):
>
> http://smakd.potaroo.net/cgi-bin/per-prefix?prefix=41.222.79.0%2F24
>
> The 41.222.79.0/24 is seen in the BGP table originated from AS36938
>
> Both AS36928 and the 41.222.72.0/21 (coverage prefix) were reclaimed sometime back in 2010.
>
> For all defense, we live with "routes origin monitoring, alert and collaborative fixing" and deaggregations.
>
>
> --Alain
>
>
>
>
>
> _______________________________________________
> Rpki-discuss mailing list
> Rpki-discuss at afrinic.net
> https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss





