
Re: Spam, ASNs, CIDRs, and d-u



* Karsten M. Self:

> However, isn't the general routing information also available from RIRs
> for assignments?

Yes, in theory, but it's often not up-to-date.  As a result, it's not
possible to construct strong filters based on this out-of-band
documentation, which in turn leads to little incentive to maintain the
RIR documentation.  A typical vicious circle.

> Isn't the BGP data _necessary_ for routing topology to work?

Yes, that's why it's unusually accurate. 8-)

> How about tackling it from the other angle:  rather than known
> untrusted bad ASNs, known trusted good ones.  People with a good rep
> have an interest in defending it.

The following is likely to happen:

Suppose that AS 12374 is generally considered trusted.  AS 12374
announces 212.9.160.0/19 (among other prefixes).  So a spammer might
announce 212.9.160.0/20 which takes precedence because of the longer
prefix, using AS number 12374 as origin ASN.  As a result, the spammer
can profit from AS 12374's reputation.  Of course, this is *very*
disruptive to AS 12374 and its customers, and it's likely that it will
be fixed within hours (but don't count on it, a major carrier once
announced half of the peering LAN of a major European exchange point,
and it took much too long to fix that, even though it had an impact on
lots of peerings).

In theory, there are filters to prevent that, but they have little
effect in practice.  Prefixes are a bit like mail addresses, and ASNs
(both origin and transit) are comparable to Received: headers: both
can be easily forged by an intermediate hop.  (Even more accurate
would be an analogy to Usenet and its Path: header.)  Of course,
forged email headers are extremely common, and BGP hijacking is
relatively rare.  But this might change if there is substantial
incentive for spammers to attack Internet routing.

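The more-specific hijack described in the message above, worked through as
an added example (this is not code from the original post or from anyone on
the thread).  It builds a toy routing table with the legitimate /19 from
AS 12374 and a spammer's /20 that forges 12374 as the origin ASN, shows that
longest-prefix match hands the /20 the traffic while an origin-ASN
reputation check still says "trusted", and then applies one illustrative
form of the filters the message says exist in theory: a per-origin maximum
prefix length.  The transit AS (3320), the attacker's AS (64512, a private
ASN) and the filter policy are assumptions made for the example.

```python
import ipaddress

# Constructed announcements for the scenario above (made-up data):
# the legitimate /19 and a more-specific /20 that prepends the victim's
# ASN as origin.  3320 (transit) and 64512 (attacker) are assumed.
LEGIT_ANNOUNCEMENT = ("212.9.160.0/19", [3320, 12374])
HIJACK_ANNOUNCEMENT = ("212.9.160.0/20", [64512, 12374])

# A "known good" list of origin ASNs, as proposed in the quoted question.
TRUSTED_ORIGINS = {12374}


def build_rib(announcements):
    """Return (network, as_path) entries sorted most-specific first."""
    rib = [(ipaddress.ip_network(p), list(path)) for p, path in announcements]
    rib.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return rib


def lookup(rib, address):
    """Longest-prefix match: the most specific covering prefix wins."""
    addr = ipaddress.ip_address(address)
    for net, path in rib:
        if addr in net:
            return net, path
    return None


def origin_as(as_path):
    # The origin is the last ASN in the path; like a Received: header,
    # it is whatever the announcing neighbour chose to put there.
    return as_path[-1]


def trusted_by_origin(rib, address):
    """Reputation check that only looks at the origin ASN (fooled by forgery)."""
    hit = lookup(rib, address)
    return hit is not None and origin_as(hit[1]) in TRUSTED_ORIGINS


def max_length_filter(rib, allowed):
    """Drop announcements more specific than the operator's documented limit.

    `allowed` maps origin ASN -> {covering prefix: max prefix length}.
    This is an assumed, illustrative policy, not any particular vendor's
    filter syntax.
    """
    kept = []
    for net, path in rib:
        limits = allowed.get(origin_as(path), {})
        ok = any(net.subnet_of(ipaddress.ip_network(p)) and net.prefixlen <= m
                 for p, m in limits.items())
        if ok:
            kept.append((net, path))
    return kept


def demonstrate():
    """Run the scenario and return what each lookup saw."""
    rib = build_rib([LEGIT_ANNOUNCEMENT, HIJACK_ANNOUNCEMENT])
    victim = "212.9.170.1"      # inside the hijacked /20
    bystander = "212.9.180.1"   # inside the /19 but outside the /20
    before = {
        "victim_prefix": str(lookup(rib, victim)[0]),
        "victim_trusted": trusted_by_origin(rib, victim),
        "bystander_prefix": str(lookup(rib, bystander)[0]),
    }
    filtered = max_length_filter(rib, {12374: {"212.9.160.0/19": 19}})
    after = {
        "victim_prefix": str(lookup(filtered, victim)[0]),
        "entries": len(filtered),
    }
    return before, after


if __name__ == "__main__":
    before, after = demonstrate()
    print("without filter:", before)
    print("with max-length filter:", after)
```

Note that the filter only helps if the operator has published an accurate
length limit for its own space, which is exactly the out-of-band
documentation the message says is rarely kept up to date.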

