
Can someone explain how we know these “announcements” are real? What’s to stop me setting up a company and announcing random dormant address ranges that I don’t own?


RPKI[0], but that doesn't mean fake BGP announcements, considered BGP hijacking[1], don't happen[2].

Once every T1 drops invalid prefixes, then RPKI will effectively mean no T1 can turn off the internet for other ASNs, but everyone signing their prefixes is required to mean nobody can fake announce an IP.

It looks like the DOD's routes are indeed signed[3].

0: https://isbgpsafeyet.com/

1: https://www.thousandeyes.com/learning/glossary/bgp-route-hij...

2: https://hn.algolia.com/?q=bgp

3: https://bgp.he.net/AS8003#_prefixes


The HE link doesn't mean they are signed. It just means the IRR records are correct. You would see a green key on the prefixes if they were signed (and correct).

The prefixes are in the https://www.radb.net

Somebody (as everybody can do this with RADB) said to RADB that 8003 is the correct origin for these prefixes.

Considering the DoD hasn't rained hell on the RADB, I'd guess they're good as well, but it's not RPKI signed.


Ah, my bad. I looked around and now know what RPKI signed actually looks like on HE. https://bgp.he.net/ip/1.1.1.1


I always recommend the nlnog IRRexplorer for this stuff.

Much better to see what the situation is for IRR/RPKI for a prefix/AS:

Cloudflare: http://irrexplorer.nlnog.net/search/1.1.1.0/24

One of the prefixes this thread is about: http://irrexplorer.nlnog.net/search/7.0.0.0/24
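The RPKI check the thread refers to ("drops invalid prefixes") is route origin validation as defined in RFC 6811. The sketch below is an added example, not part of any comment above; the VRP table, prefixes and ASNs are constructed from documentation ranges and are not real ROA data, and `validate_origin` and `import_routes` are hypothetical names.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, maxLength, origin ASN).
# Documentation prefixes and ASNs only; this is not real ROA data.
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 25, 64497),   # maxLength permits one more-specific level
    ("203.0.113.0/24", 24, 0),        # AS0 ROA: holder says "never route this"
    ("2001:db8::/32", 48, 64498),
]

def validate_origin(prefix, origin_asn, vrps=VRPS):
    """Return the RFC 6811 state: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        roa_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route when the route equals or sits inside its prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Match: length within maxLength and same origin; AS0 never matches.
        if route.prefixlen <= max_len and vrp_asn != 0 and origin_asn == vrp_asn:
            return "valid"
    # Covered by some VRP but matched by none means invalid.
    # No covering VRP at all means the prefix is simply unsigned.
    return "invalid" if covered else "not-found"

def import_routes(announcements, vrps=VRPS):
    """Routes kept by a router that drops only 'invalid' announcements."""
    return [a for a in announcements if validate_origin(*a, vrps) != "invalid"]

# Constructed announcements: (prefix, origin ASN)
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),      # matches its VRP
    ("192.0.2.0/24", 64511),      # wrong origin for a signed prefix
    ("198.51.100.0/26", 64497),   # right origin, longer than maxLength
    ("203.0.113.0/24", 64511),    # covered only by an AS0 VRP
    ("198.18.0.0/24", 64511),     # no covering VRP (unsigned space)
    ("2001:db8:1::/48", 64498),   # IPv6, inside maxLength
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:18} AS{asn:<6} {validate_origin(prefix, asn)}")
```

The unsigned prefix comes back `not-found` and is kept by `import_routes`, which is why dropping invalids protects only address space whose holder has published a ROA.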



