ARIN IPv4 misissue incident

35 points by ysun

m_a_r_k

I would be absolutely beside myself if my /24 was issued to someone else. Imagine if those IP's were pointing to some mission-critical infrastructure (power/utility monitoring, public safety, etc.)

I hope they're able to build some effective controls now so this can't happen again.

ysun

I think this probably won't affect mission critical infra "that" fast (unless block owners use a near realtime monitoring tool like bgp.tools)? If RIR revoke one's ROA, most upstreams won't even detect this until (maybe) 24 hours later? Not to mention most transit providers still put most of their stuff in IRR DBs (so depends on how frequently they scrape the new objects)

I hope they're able to build some effective controls now so this can't happen again.

100%
- m_a_r_k
  
  I'm curious in this situation, if you're still advertising your ASN via BGP, and using it, what the failure mode actually looks like. I'd love a write-up from the affected org on how things failed.
  - ysun
    
    They posted a comment on the orange site [0]. As for failure mode, it'd be the exact same as BGP hijacking [1]
    
    [0] https://news.ycombinator.com/item?id=46346162
    
    [1] https://en.wikipedia.org/wiki/BGP_hijacking