On Fri, Nov 14, 2014 at 11:15:22AM +0000, Nick Hilliard wrote: Hi
There's been a bit of media panic recently about registration of non RIPE address space in the RIPE IRRDB, e.g.
http://krebsonsecurity.com/2014/11/network-hijackers-exploit-technical-looph...
The premise is that if you can register a prefix in a routing registry, this will give you the ability to inject a prefix into the DFZ.
We'll ignore the fact that what you actually need to inject a prefix into the DFZ is a complicit transit provider and that most transit providers don't use the IRRDBs for bgp leaf filtering anyway, and even if they did, there are plenty of other IRRDBs where this information can be registered.
But that aside, some organisations use IRRDB information extensively, particularly IXPs running route servers. Many of these organisations filter on source: because of the amount of trash in alternative IRRDBs.
So, could the RIPE NCC database people consider using a different source: value for non RIPE address space, so that it would be possible for irrdb users to easily filter out authoritative data from non authoritative data?
E.g. 185.6.36.0/22 might continue to have "source: RIPE", but a prefix like "210.57.192.0/20" might have "source: RIPE-NONAUTH".
This is a good idea, taking into account comments made by Kaveh. We should not throw the baby out with the bathwater. Piotr -- gucio -> Piotr Strzyżewski E-mail: Piotr.Strzyzewski@polsl.pl