North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: a fun hijack: 1/8, 2/8, 3/8, 4/8, 5/8, 7/8, 8/8, 12/8 brieflyannounced by AS 23520 (today)

  • From: Gadi Evron
  • Date: Fri Jun 09 09:56:57 2006

On Thu, 8 Jun 2006, Jeroen Massar wrote:

> In the end, the complete solution to most of these issues will be in the
> form of S-BGP ( and similar solutions.
> And the IETF is fortunately working on this:
> It might take some time still, but it will come one day and then these
> issues are gone.
> At the moment you'll just have to trust your peers and try to get them
> to implement a sane policy on what kind of announcements they accept or

I'd like to trust my peers not to allow botnets on their networks, and to
trust the botnet guys not to just run 10 more. I'd like to trust different
networks not to allow spoofing. It ain't happening.

I am happy folks like at RIPE and the IETF are looking at solutions, but
sBGP isn't a new idea, and well, how LONG have we been waiting for DNS-SEC

Obviously what we all (not me or you) are doing is not working. What
worked for us a few years ago, now doesn't work either.

There needs to be a strong distinction between what works operationally
for individual networks and for the whole Internet.