Skip to Content.
Sympa Menu

netsec-sig - Re: [Security-WG] NANOG talk on IP hijacking

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] NANOG talk on IP hijacking


Chronological Thread 
  • From: "Montgomery, Douglas (Fed)" <>
  • To: "" <>, "" <>
  • Subject: Re: [Security-WG] NANOG talk on IP hijacking
  • Date: Thu, 16 Jun 2016 16:44:58 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Hopefully the ARIN talk will be further motivation for plans for
RPKI/origin validation pilots within the I2/edu community. While the
discussion following this presentation suggested developing new formalisms
for “Letters of Authorization” for route announcements, RPKI Route Origin
Authorizations (ROAs) already provide such capability, the capability to
describe what parts of your space that should not be announced (covering
the disuse issue), and the capability that 3rd parties can verify such
originations (avoiding the weakest link in the chain failure).

Monitoring and reacting is a laudable goal, preventing the hijack at the
outset is more powerful.

dougm

Doug Montgomery, Mgr Internet & Scalable Systems Research at NIST/ITL/ANTD





On 6/16/16, 11:00 AM,
"
on behalf of John
Kristoff"
<
on behalf of
>
wrote:

>On Wed, 15 Jun 2016 21:37:21 +0000
>Michael Scarpellino
><>
> wrote:
>
>> I was not able to catch the presenter after the talk to discuss what
>> we could do as a community, but I thought I would at least pass along
>> this information along. I believe someone suggested ARIN reach out to
>> Educause, so we will probably be hearing more about this in the
>> future. In the meantime, awe all might at least review and update our
>> POC data.
>
>Hi Michael, I also suggested the REN-ISAC may be interested and able to
>help coordinate any sort of alerting or triage. It seems that there is
>a lot of legacy space that might not just be susceptible due to
>neglect, but that the legacy space is in disuse, making assignment
>hijacking difficult not only to detect, but even to know who the
>legitimate owner may be.
>
>I caught up with Christoher Spears (@OARnet) after the talk and he
>informed me that he has been doing some monitoring of some of this on
>behalf of OARnet and for Internet2.
>
>I was going to bring this up in the next REN-ISAC technical advisory
>group meeting as something to begin educating the community about.
>More eyes on this sort of thing wouldn't hurt.
>
>John




Archive powered by MHonArc 2.6.16.

Top of Page