On Wed, Mar 5, 2014 at 5:19 PM, Owen DeLong <owen@delong.com> wrote:
> Never underestimate the willingness of a malefactor to subject hosts he controls (but probably doesn't own) or even hosts he doesn't necessarily control to vast quantities of traffic.

And any person deciding to announce 1.2.3.0/24 to the open network would have to face a massive traffic storm anyway. prop-109 by Geoff Huston mentions the traffic flowing to certain easily-remembered ranges. Assuming that 1.2.3.0/24 gets even 50Mbps of traffic if I announce it to the Internet, that is still an expensive pipe, and probably not worth it on the off-chance that a random user will use it and allow "evil me" to redirect him to the particular bank that he is a member of, and which I am forging a website for.
Owen,

Can you give me an example of what would be the scenario here? Assuming I am the upstream ISP of the "hosts I control, willing to subject them to vast quantities of traffic". Would I announce 1.2.3.0/24 upstream, and point it to my customer's link?
Or would I announce 1.2.3.0/24 from another ISP's origin AS?
How would (evil me) be able to hurt hosts other than on _my_ network?
I am not doubting that people would not want to misuse this, but how would this work in the case you have outlined?