mailing list archives
Re: Thanks & Let's Prevent this in the Future.
From: Mark Tinka <mtinka () globaltransit net>
Date: Mon, 6 Feb 2012 13:01:20 +0800
On Thursday, February 02, 2012 01:00:43 AM George Bonser
One problem is the number of routing registries and the
requirements differ for them. The nefarious operator
can enter routes in an IRR just as easily as a
legitimate operator. There was a time when some
significant networks used the IRRs for their filtration
policy. I'm not sure how many still do.
I've dealt with AfriNIC and APNIC WHOIS databases, and they
normally control the 'inetnum' and inet6num' entries that go
into the WHOIS databases. So there is some degree of
certainty that what is in there is generally true.
You're right, anyone can create an IRR record, and it's
quite terrible how easy it is to create false information
that could break another person's network. This is why we
don't generally trust IRR or PeeringDB data when verifying
downstream prefixes which we should permit through our
filters. We rely on the RIR 'inetnum' and 'inet6num' records
My memory fails me on what ARIN do, but before AfriNIC was
established and the majority of Africa's prefixes were
allocated by RIPE and ARIN, I recall the ARIN policy (SWIP
templates, et al) being a hassle-rich experience that
anything else is long forgotten :-).
Description: This is a digitally signed message part.