On 02/03/2023 22:11, George Michaelson wrote:
I would appreciate something like an IEPG presentation on this one, from anyone involved in the incident detection, remediation and analysis. It might also be a SIDROPS thing, but IEPG feels like a good fit, or DNS-OARC.
IEPG clashes with the regular meeting of the Root Operators.
Realising some aspects of the security posture can't be talked about, this is fundamentally a problem in public utility services, and against the public utility routing model (BGP), so the role of a ROA, or other mechanistic defences, stands as something I think we (the community at large) would want a chance to talk about.
I'd be fascinated (for instance) how widely this was "seen" given the anycast nature of service delivery.
cheers, and commiserations to anyone involved in the problem.
We've also had a couple of recent incidents (one was the same as the reported E-root incident) but we've as yet not managed to get any useful response from the (APNIC region) sources. We still believe it's likely that this was incompetence rather than malice, though. There feels like little else we can do, since F-root's prefixes are RPKI signed.
Ray