Hi,

On Thu, 4 Apr 2019, Nick Hilliard wrote:

> People generally hijack prefixes in order to make money. If hijacked prefixes are not generally visible in the internet, then the value of the hijacking is a good deal lower because the reach is smaller.

It depends on the purpose, and if visibility is a key issue or not. :-)

> In order to stop something like hijacking from being a problem, you don't need to make it impossible to perpetrate - you just need to reduce the value to the point that it's not worth doing it.

The problem of that approach is the diversity of goals...

> What makes hijacking attractive is when transit service providers don't filter ingress prefixes from their customers. The value of hijacking at an IXP will be proportional to the size of the IXP and whether the IXP has implemented filtering policies at their route servers. Direct peering sessions are troublesome, as they generally don't implement prefix filtering.

Yes. Trust is generally higher between peers/BGP speakers in a small environment, which might become a vulnerability... But the value depends on the purpose. If the value for the hijacker is in announcing a bogus route just to _one_ network, it's irrelevant if the IXP has 20 members or 200 members.

> But transit providers are where the bulk of the problem lies, and where efforts need to be concentrated in order to handle the issue.

I'm not completely sure about that.

> MANRS is one part of this effort.

Let's hope MANRS can seriously take off in terms of adoption!

Cheers,
Carlos

> Nick