The New Threat: Targeted Internet Traffic Misdirection
The link below is an article from Renesys about prefix hijacking they've observed. So far until now, those events were not considered as attacks, but "misconfigurations". http://www.renesys.com/2013/11/mitm-internet-hijacking/ We've seen one of those events on our infrastructure, which lasted a few minutes, and it was detected by BGPmon. Is it moment to push RPKI? Topic to discuss during the next NZNOG meeting? Cheers, -- Sebastian Castro DNS Specialist .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 495 2337 mobile: +64 21 400535
On Wed, 20 Nov 2013 17:09:04 +1300, Sebastian Castro wrote:
Is it moment to push RPKI? Topic to discuss during the next NZNOG meeting?
I'm pretty keen to chat about RPKI with anyone who's interested, and I may yet make it to the next NZNOG. Out of interest, I conducted some brief surveys of the APE in March and discovered a pretty lacklustre turnout in terms of peers advertising routes with valid ROAs (which is, imo, a shame, given that enabling RPKI for APNIC customers is relatively straightforward). Here's a slightly updated snip from an e-mail I sent to the IXAG list on the 28th of March this year: o 4 out of 613 unique ASNs [on the APE] have a valid ROA published for the first prefix I encountered from their ASN (I am assuming if you publish any ROAs you'll publish them for all your prefixes, which might not be totally fair). Nice work Levart Distribution Systems, Citylink and Interactive 3D :) Unleash has (hopefully) valid ROAs but I can hardly congratulate myself for having set that up. o Two prefixes I encountered failed an ROA validity check already (198.48.2.0/24 and 202.7.5.0/24) -- Michael Fincham System Administrator, Unleash Office: 0800 750 250 DDI: 03 978 1223 Mobile: 027 666 4482
participants (2)
-
Michael Fincham -
Sebastian Castro