Really like posts like this - when I first think of an AS, it seems unattainable by anyone but a larger corporation, but this really reduces it down to the nuts and bolts of what's necessary to create your own little segment of the internet. Pretty cool!
What I got out of this is that to be an AS, you either have to be a big company, or a small company with a lot of connections. There was a lot of stuff that relied on his friends helping him out. What if you don't have industry connections? You will never get the peering agreements needed by an AS unless you pay someone big bucks to peer with you.
This letter of authorization is also the first instance of where learning about how the Internet actually works gets a little weird. That letter is literally all it took for me to take control of a sub-block of someone else's public address space and get it routed to my network instead of theirs. Some of my network peers later asked for me to provide this LoA when we were setting up my network links, but that means I just sent them a PDF scan of a letter with my friend's signature on it. And I mean an actual signature; not some kind of fancy cryptographic signature, but literally a blue scribble on a piece of paper.
I can't wait for the Hackernews post where someone social-engineers their way into controlling an IP block and posts about it on twitter.
With one of my upstreams (a large Tier 1 you've heard of), I can announce any prefix I want. I just have to add a "route" entry to the routing registry database and wait a day or two for them to update their filters on my BGP session.
It's easily doable (I do it occasionally so I can announce customers' prefixes for them) but I'd "get caught" if I was announcing prefixes I shouldn't be.
At the 26C3 congress in 2009 there was a talk[1] about just that happening: companies that were looking for abandoned ASNs/IPv4 allocations and then using shady tricks (creating similarly-named companies, ...) to get them in their possession.
"That letter is literally all it took for me to take control of a sub-block of someone else's public address space and get it routed to my network instead of theirs."
Interesting. I don't want some faceless central authority making it a bureaucratic nightmare to do what he's doing, but I also don't want malicious folks exploiting the vulnerability. What's the long game here? What should this process look like in 30 years?
Really like posts like this - when I first think of an AS, it seems unattainable by anyone but a larger corporation, but this really reduces it down to the nuts and bolts of what's necessary to create your own little segment of the internet. Pretty cool!
What I got out of this is that to be an AS, you either have to be a big company, or a small company with a lot of connections. There was a lot of stuff that relied on his friends helping him out. What if you don't have industry connections? You will never get the peering agreements needed by an AS unless you pay someone big bucks to peer with you.
Larger corporation? A small company can do that.
If anything, there are too many ASes and too many small networks!
This letter of authorization is also the first instance of where learning about how the Internet actually works gets a little weird. That letter is literally all it took for me to take control of a sub-block of someone else's public address space and get it routed to my network instead of theirs. Some of my network peers later asked for me to provide this LoA when we were setting up my network links, but that means I just sent them a PDF scan of a letter with my friend's signature on it. And I mean an actual signature; not some kind of fancy cryptographic signature, but literally a blue scribble on a piece of paper.
I can't wait for the Hackernews post where someone social-engineers their way into controlling an IP block and posts about it on twitter.
With one of my upstreams (a large Tier 1 you've heard of), I can announce any prefix I want. I just have to add a "route" entry to the routing registry database and wait a day or two for them to update their filters on my BGP session.
It's easily doable (I do it occasionally so I can announce customers' prefixes for them) but I'd "get caught" if I was announcing prefixes I shouldn't be.
BGP on the public Internet is all about trust.
At the 26C3 congress in 2009 there was a talk[1] about just that happening: companies that were looking for abandoned ASNs/IPv4 allocations and then using shady tricks (creating similarly-named companies, ...) to get them in their possession.
1: https://events.ccc.de/congress/2009/Fahrplan/events/3688.en....
"That letter is literally all it took for me to take control of a sub-block of someone else's public address space and get it routed to my network instead of theirs."
Interesting. I don't want some faceless central authority making it a bureaucratic nightmare to do what he's doing, but I also don't want malicious folks exploiting the vulnerability. What's the long game here? What should this process look like in 30 years?
RPKI: https://en.wikipedia.org/wiki/Resource_Public_Key_Infrastruc...
If you're in Europe, RIPE still hands out ipv4 /22's to new members. Their fee is 1400EUR/year though, so not that cheap.
Where is the profit part?
profit was the fun that they had :)
Saving money on hosting.
there isn't. it's just a popular format titles (right along there with "x considered harmful")
sure, but theres also generally profit in the story.
TL;DR please?
This really needs an abstract/summary. 5 paragraphs in and I have no idea what they're doing.
They are making an ISP without the CMS + Payments