Re: IPv4 Hijacking For Idiots

2018-02-01 Thread Scott Christopher
Scott Weeks wrote: > --- s...@xopher.net wrote: > From: Scott Christopher > > I think the solution is legislation + regulations. > - > > For sure dude, because, you know, they do such a > great job of all the other stuff they touch! > > scott > > ps. NOT! I

Re: IPv4 Hijacking For Idiots

2017-07-03 Thread John Curran
On 3 Jul 2017, at 10:18 AM, Randy Bush <ra...@psg.com> wrote: Only if you sign the RSA and give up certain legal rights to your legacy blocks/property. the word 'certain' is not apt given that the LRSA Ts&Cs may be arbitrarily changed by ARIN Randy - Not quite arbitrarily - ARIN can cha

Re: IPv4 Hijacking For Idiots

2017-07-03 Thread John Curran
On 2 Jul 2017, at 2:22 PM, Bryan Fields wrote: > > On 7/2/17 1:28 PM, John Curran wrote: >> Note that ARIN does provide RPKI services for legacy blocks, but it is true >> that we >> require more legalisms than other RIRs… You can chalk this up to the >> abundance >> of legacy resources of qu

Re: IPv4 Hijacking For Idiots

2017-07-03 Thread Randy Bush
> Only if you sign the RSA and give up certain legal rights to your legacy > blocks/property. the word 'certain' is not apt given that the LRSA Ts&Cs may be arbitrarily changed by ARIN

Re: IPv4 Hijacking For Idiots

2017-07-02 Thread Bryan Fields
On 7/2/17 1:28 PM, John Curran wrote: > Note that ARIN does provide RPKI services for legacy blocks, but it is true > that we > require more legalisms than other RIRs… You can chalk this up to the > abundance > of legacy resources of questionable provenance in this region, to the > colorful U

Re: IPv4 Hijacking For Idiots

2017-07-02 Thread John Curran
On 6 Jun 2017, at 9:25 PM, Bryan Fields wrote: > > On 6/6/17 9:13 PM, Mark Andrews wrote: >> Getting to that stage requires several companies to simultaneously >> say "we will no longer accept as valid mechanisms to verify >> routes announcements. You need to use X or else we won't accept >> th

Re: IPv4 Hijacking For Idiots

2017-06-08 Thread Scott Weeks
--- s...@xopher.net wrote: From: Scott Christopher I think the solution is legislation + regulations. - For sure dude, because, you know, they do such a great job of all the other stuff they touch! scott ps. NOT!

Re: IPv4 Hijacking For Idiots

2017-06-07 Thread Robert L Mathews
On 6/6/17 6:14 AM, Scott Christopher wrote: > Or one could register aсme.com For what it's worth, that domain name (with a Cyrillic character 0441 replacing the "c" in "acme") wouldn't be allowed based on this: https://www.verisign.com/en_US/channel-resources/domain-registry-products/idn/idn-p

Re: IPv4 Hijacking For Idiots

2017-06-07 Thread Scott Christopher
Mark Andrews wrote: > but we do have the tech to do this. I wholeheartedly agree. > All it takes is a couple of transit providers to no longer accept > word-of-mouth and > the world will transition overnight. This is the hard part. It seems trivial - being probably only a handful of transit

Re: IPv4 Hijacking For Idiots

2017-06-06 Thread Mark Andrews
In message <1496816542.3628250.1001312328.70df4...@webmail.messagingengine.com> , Scott Christopher writes: > Mark Andrews wrote: > > > but we do have the tech to do this. > > I wholeheartedly agree. > > > All it takes is a couple of transit providers to no longer accept word-of-mouth and >

Re: IPv4 Hijacking For Idiots

2017-06-06 Thread Mark Andrews
In message <2541cadf-4a76-b172-b395-0822f1889...@bryanfields.net>, Bryan Fields writes: > On 6/6/17 9:13 PM, Mark Andrews wrote: > > Getting to that stage requires several companies to simultaneously > > say "we will no longer accept as valid mechanisms to verify > > routes announcements. You n

Re: IPv4 Hijacking For Idiots

2017-06-06 Thread Bryan Fields
On 6/6/17 9:13 PM, Mark Andrews wrote: > Getting to that stage requires several companies to simultaneously > say "we will no longer accept as valid mechanisms to verify > routes announcements. You need to use X or else we won't accept > the announcement". Yes, this requires guts to do. And wha

Re: IPv4 Hijacking For Idiots

2017-06-06 Thread Christopher Morrow
On Tue, Jun 6, 2017 at 9:13 PM, Mark Andrews wrote: > > In message gmail.com>, Christopher Morrow writes: > > > > On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews wrote: > > > > > Now we could continue discussing how easy it is to hijack addresses > > > or we could spend the time addressing the pro

Re: IPv4 Hijacking For Idiots

2017-06-06 Thread Mark Andrews
In message , Christopher Morrow writes: > > On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews wrote: > > > Now we could continue discussing how easy it is to hijack addresses > > or we could spend the time addressing the problem. All it takes is > > a couple of transit providers to no longer accept

Re: IPv4 Hijacking For Idiots

2017-06-06 Thread Christopher Morrow
On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews wrote: > Now we could continue discussing how easy it is to hijack addresses > or we could spend the time addressing the problem. All it takes is > a couple of transit providers to no longer accept word-of-mouth and > the world will transition overnig

Re: IPv4 Hijacking For Idiots

2017-06-06 Thread Mark Andrews
In message <1496754899.2014592.1000384072.3e553...@webmail.messagingengine.com>, Scott Christopher writes: > Hank Nussbacher wrote: > > > 2. Create a domain called acme-corp.com and a user called peering > > Or one could register aсme.com > > (If the reader can't tell the difference between ac

Re: IPv4 Hijacking For Idiots

2017-06-06 Thread Scott Christopher
Hank Nussbacher wrote: > 2. Create a domain called acme-corp.com and a user called peering Or one could register aсme.com (If the reader can't tell the difference between acme.com and aсme.com , the reader is using one of the multitude of email clients and/or fonts that presents Unicode poorly

Re: IPv4 Hijacking For Idiots

2017-06-06 Thread Christopher Morrow
On Tue, Jun 6, 2017 at 2:25 AM, Hank Nussbacher wrote: (I think this is really Ron and Bill chatting, but some of the linkage got lost on the tubes) > > > > I've read article after article after article bemoaning the fact that > >> "BGP isn't secure", > > > > They're talking about a different p

Re: IPv4 Hijacking For Idiots

2017-06-05 Thread Hank Nussbacher
On 06/06/2017 03:20, William Herrin wrote: Ronald, Here is how I would do it: 1. As you noted in your first email in this thread, find an abandoned ASN, let's call it AS12345, with a POC of supp...@acme.com 2. Create a domain called acme-corp.com and a user called peering 3. Contact an IX, pre

Re: IPv4 Hijacking For Idiots

2017-06-05 Thread valdis . kletnieks
On Mon, 05 Jun 2017 18:04:54 -0700, "Ronald F. Guilmette" said: > So you're saying that whichever criminal is behind this stuff, that he > maybe could have pulled it all off for the astounding and impressive > sum of zero dollars and zero cents ($0.00) ? > > (Well, I guess that's not quite accurat

Re: IPv4 Hijacking For Idiots

2017-06-05 Thread Ronald F. Guilmette
In message William Herrin wrote: >You actually got lost a couple steps back. > >First, you want to control the POC emails for the IP addresses. Controlling >just the POC emails for the AS number won't do you any good. Ummm... in this case there doesn't seem to be any reason to believe that the

Re: IPv4 Hijacking For Idiots

2017-06-05 Thread Ronald F. Guilmette
In message Christopher Morrow wrote: >most times i've seen isp DIA links bgp was 'free' or had been.. > >> talking about the cost of adding an upstream BGP session. > >ok. so either free or some up-charge by the isp. Wait a minute. I just wanna make sure that I am getting this. So you're say

Re: IPv4 Hijacking For Idiots

2017-06-05 Thread William Herrin
On Mon, Jun 5, 2017 at 6:56 AM, Ronald F. Guilmette wrote: > So, I guess then, if you're clever, you look and see who the ASN you've > just successfully hijacked has historically peered with, and then you > somehow arrange to send route announcements to those guys, right? > (I'm talking about AS2

Re: IPv4 Hijacking For Idiots

2017-06-05 Thread Ronald F. Guilmette
In message Christopher Morrow wrote: >that doesn't seem to be what's happening in ron's example though... > >it looks, to me, like the example ron has is more a case of: > 1) register contacts for lost asn (AS34991) > 2) setup equipment/etc at an IX (bulgaria-ix it seems, at least) with >anot

Re: IPv4 Hijacking For Idiots

2017-06-05 Thread Christopher Morrow
On Mon, Jun 5, 2017 at 12:28 PM, Mel Beckman wrote: > Chris, > > I didn’t research Ron’s specific example. I was speaking in generalities. > I’m assuming any BGP hijacker already has two or more DIA connections. It > only costs $100 to add BGP peering to that setup. Yes, they will need an > ASN.

Re: IPv4 Hijacking For Idiots

2017-06-05 Thread Mel Beckman
Chris, I didn’t research Ron’s specific example. I was speaking in generalities. I’m assuming any BGP hijacker already has two or more DIA connections. It only costs $100 to add BGP peering to that setup. Yes, they will need an ASN. I was only talking about the cost of adding an upstream BGP se

Re: IPv4 Hijacking For Idiots

2017-06-05 Thread Christopher Morrow
On Mon, Jun 5, 2017 at 7:05 AM, Mel Beckman wrote: > One way is for the hijacker to simply peer with himself. The hijacker has > an existing peering arrangement with, say, AT&T. He then tells AT&T that he > will be transit for AS advertising XYZ routes, by dint of a cheerfully > forged LOA. O

Re: IPv4 Hijacking For Idiots

2017-06-05 Thread Mel Beckman
One way is for the hijacker to simply peer with himself. The hijacker has an existing peering arrangement with, say, AT&T. He then tells AT&T that he will be transit for AS advertising XYZ routes, by dint of a cheerfully forged LOA. Once filters have been updated, the hijacker advertises the

IPv4 Hijacking For Idiots

2017-06-05 Thread Ronald F. Guilmette
The more I know, the less I understand. Maybe some of you kind folks can help. Please explain for me the following scenario, and how this all actually works in practice. Let's say that you're a malevolent Bad Actor and all you want to do is to get hold of some ASN that nobody is watching too cl