On 2002-03-13T18:49:20, Bruce Campbell <bruce.campbell@ripe.net> said:
Kurt, check out http://www.apnic.net/meetings/13/sigs/routing/index.html - Geoff Huston proposed a mechanism for exactly what you are asking... Action item on me (as Routing SIG chair) to talk to APNIC/ARIN/RIPENCC... Shouldn't be hard to set up a simple system which people can get an eBGP-multihop feed listing the unused addresses.
This seems like a perfectly legitimate idea.
a) administrative overhead of multiple eBGP feeds. ( I mention this for completeness )
Ok, not that much of a problem.
b) Loss of the service in the midst of a DoS attack.
With (b), if you are depending on the service to protect yourself from spoofed IP attacks apparently originating from unused space, then an attack focused on the distribution channel (ie, router at each end, or transit in-between) may open you up to the attack you are supposedly protecting yourself against.
Yes. However, if the service was provided for informational purposes only and for example hosted by the RIPE NCC or so, and used widely enough, the attacks _would_ come from an assigned IP address range and I am pretty sure that any sensible ISP will listen if an attack on a RIR originates from his IP space... I know that this doesn't protect much against a DDoS, but then, nothing does. (So far)
The distribution channel attack may also take the form of impersonating the RIR end of the eBGP feed, as could happen with any unsecured (e)BGP connection (the information is only as good as the method used to get it).
Of course. But then, eBGP does offer methods for authentication like MD5 etc.
Randy's point about liability is well taken. Any such service would be intended for use as informational only. What you do with such information is your problem, and not that of the Registry.
Definitely. This should be clearly stated.
From a technical perspective, providing the same information in RBL-style DNS zones is also doable in addition to/instead of eBGP.
In fact, the original MAPS RBL was distributed in both of these manners.

Sincerely,
Lars Marowsky-Brée <lmb@kernel.org>

--
"I'm extraordinarily patient provided I get my own way in the end."
-- Margaret Thatcher
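
An added example, not part of the original message and not any registry's code: a Python sketch of the consumer side of such a feed, covering the RBL-style query name mentioned in the thread and point (b), loss of the feed. The prefixes (documentation ranges standing in for unused space), the zone name unused.example.net, the class and function names, and the policy of keeping but flagging a stale list are all assumptions.

```python
import ipaddress
import time

# Constructed sample feed: documentation ranges stand in for "unused" space.
SAMPLE_FEED = ["192.0.2.0/24", "198.51.100.0/24"]


class UnusedSpaceFilter:
    """Local copy of an informational 'unused address space' list (hypothetical)."""

    def __init__(self, max_age_s=7 * 24 * 3600):
        self.prefixes = []
        self.updated = None          # time of last successful feed update
        self.max_age_s = max_age_s   # assumed freshness limit

    def update(self, prefixes, now=None):
        # Parse everything first so a malformed update never installs a partial list.
        parsed = [ipaddress.ip_network(p) for p in prefixes]
        self.prefixes = parsed
        self.updated = time.time() if now is None else now

    def verdict(self, src, now=None):
        """Classify a source address; the caller decides what to do with it."""
        now = time.time() if now is None else now
        if self.updated is None:
            return "unknown"         # never received the feed
        addr = ipaddress.ip_address(src)
        hit = any(addr in net for net in self.prefixes)
        if now - self.updated > self.max_age_s:
            # Feed lost for too long: listed space may have been assigned since,
            # so report the match as stale instead of as a firm result.
            return "stale-listed" if hit else "stale-unlisted"
        return "unused" if hit else "assigned"


def rbl_query_name(src, zone):
    """Build the RBL-style DNS name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(src)).split(".")
    return ".".join(reversed(octets)) + "." + zone


if __name__ == "__main__":
    f = UnusedSpaceFilter(max_age_s=3600)
    f.update(SAMPLE_FEED, now=0)
    for ip, t in [("192.0.2.10", 10), ("203.0.113.5", 10), ("192.0.2.10", 7200)]:
        print(ip, t, f.verdict(ip, now=t))
    print(rbl_query_name("192.0.2.10", "unused.example.net"))
```

Keeping the last list through an outage means an attack on the distribution channel does not immediately remove the filter, while the stale verdicts leave the decision with the operator.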