13 Apr 2019, 4:50 p.m.
On Sat, Apr 13, 2019 at 3:55 PM Doug Madory <douglas.madory@oracle.com> wrote:
> Should that also be treated as a policy violation? This is clearly intentional. I believe what’s described in the Qrator article could be a leaking route optimizer (like Noction) not a new hijack type.

Probably. The title of the article refers mostly to the imaginary case in the "ideal attack" section, not to the particular incident. But, anyway, it is a hijack by perception: the LIR managing the prefixes didn't authorize the split announcement. Also, frankly, it's not really clear if it's an optimizer just *leaking* or that's on purpose. My point is exactly that: figuring out whether there's an intent behind a routing violation or not is hard.

-- Töma