nanog mailing list archives

Re: Need for historical prefix blacklist (`rogue' prefixes) information

From: A Crisan <alina.florar () gmail com>
Date: Fri, 29 Oct 2021 16:55:58 +0200

Hi Matthew,


What you seem to have failed to understand is that most traffic hijacks on

the internet are not malicious in nature, they are "fat finger" incidents
where someone has accidentally announced something they did not intend to,
either because of faulty software (the infamous "BGP optimizer") or someone
leaking internal "blocks" such as the Pakistan/YouTube incident --
certifying the origin of a prefix allows you to mitigate most of this as
the origin AS will change. Anyone seen deliberately causing hijacks is
likely to be depeered very quickly -- commercial pressure rather than
technical.

I was reading the above exchange, and I do have a question linked to your
last affirmation. To give you some context, the last 2021 ENISA report seem
to suggest that internet traffic is "casually registered" by X actors to
apply post Retrospective decryption (excerpt below). This would be at odds
with your (deescalating) affirmation that hijacks are non-malicious and
they are de-peered quickly, unless you pinpoint complete flux arrest only.
Are there any reportings/indicators... that look into internet flux
constant monitoring capabilities/capacities? Thanks.

Excerpt from the introduction: "What makes matters worse is that any cipher
text intercepted by an attacker today can be decrypted by the attacker as
soon as he has access to a large quantum computer (Retrospective
decryption). Analysis of Advanced Persistent Threats (APT) and Nation State
capabilities, along with whistle blowers’ revelations have shown that
threat actors can and are casually recording all Internet traffic in their
data centers and that they select encrypted traffic as interesting and
worth storing.This means that any data encrypted using any of the standard
public-key systems today will need to be considered compromised once a
quantum computer exists and there is no way to protect it retroactively,
because a copy of the ciphertexts in the hands of the attacker. This means
that data that needs to remain confidential after the arrival of quantum
computers need to be encrypted with alternative means"

Best to all,
Dora

Current thread:

Need for historical prefix blacklist (`rogue' prefixes) information Amir Herzberg (Oct 28)
- Re: Need for historical prefix blacklist (`rogue' prefixes) information Matthew Walster (Oct 29)
  - Re: Need for historical prefix blacklist (`rogue' prefixes) information A Crisan (Oct 29)
    - Re: Need for historical prefix blacklist (`rogue' prefixes) information Matthew Walster (Oct 29)
    - Re: Need for historical prefix blacklist (`rogue' prefixes) information A Crisan (Oct 30)
    - Re: Need for historical prefix blacklist (`rogue' prefixes) information J. Hellenthal via NANOG (Oct 30)
  - Re: Need for historical prefix blacklist (`rogue' prefixes) information Amir Herzberg (Oct 29)
- Re: Need for historical prefix blacklist (`rogue' prefixes) information Amir Herzberg (Oct 30)