
Creating an Autonomous System for Fun and Profit - signa11
http://blog.thelifeofkenneth.com/2017/11/creating-autonomous-system-for-fun-and.html
======
daguava
Really like posts like this - when I first think of an AS, it seems
unattainable by anyone but a larger corporation, but this really reduces it
down to the nuts and bolts of what's necessary to create your own little
segment of the internet. Pretty cool!

~~~
cwt137
What I got out of this is that to be an AS, you either have to be a big
company, or a small company with a lot of connections. There was a lot of
stuff that relied on his friends helping him out. What if you don't have
industry connections? You will never get the peering agreements needed by an
AS unless you pay someone big bucks to peer with you.

------
nerdponx
_This letter of authorization is also the first instance of where learning
about how the Internet actually works gets a little weird. That letter is
literally all it took for me to take control of a sub-block of someone else's
public address space and get it routed to my network instead of theirs. Some
of my network peers later asked for me to provide this LoA when we were
setting up my network links, but that means I just sent them a PDF scan of a
letter with my friend's signature on it. And I mean an actual signature; not
some kind of fancy cryptographic signature, but literally a blue scribble on a
piece of paper._

I can't wait for the Hacker News post where someone social-engineers their way
into controlling an IP block and posts about it on Twitter.

~~~
jlgaddis
With one of my upstreams (a large Tier 1 you've heard of), I can announce any
prefix I want. I just have to add a "route" entry to the routing registry
database and wait a day or two for them to update their filters on my BGP
session.

It's easily doable (I do it occasionally so I can announce customers' prefixes
for them) but I'd "get caught" if I was announcing prefixes I shouldn't be.

BGP on the public Internet is all about trust.

------
braindongle
"That letter is literally all it took for me to take control of a sub-block of
someone else's public address space and get it routed to my network instead of
theirs."

Interesting. I don't want some faceless central authority making it a
bureaucratic nightmare to do what he's doing, but I also don't want malicious
folks exploiting the vulnerability. What's the long game here? What should
this process look like in 30 years?

~~~
jlgaddis
RPKI:
[https://en.wikipedia.org/wiki/Resource_Public_Key_Infrastruc...](https://en.wikipedia.org/wiki/Resource_Public_Key_Infrastructure)
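
RPKI replaces the paper LoA with a signed Route Origin Authorization (ROA) that networks check each BGP announcement against. The following is an added example, not part of the thread or the linked article, of the origin-validation decision from RFC 6811. The prefixes and AS numbers are constructed from documentation ranges, and it assumes a validator has already fetched and cryptographically verified the ROAs.

```python
import ipaddress

# Constructed validated ROA payloads (VRPs): (prefix, max_length, origin_asn).
# Documentation prefixes and documentation ASNs, not real allocations.
SAMPLE_VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 25, 64501),   # holder allows de-aggregation down to /25
    ("2001:db8::/32", 48, 64502),
]


def validate_origin(prefix, origin_asn, vrps=SAMPLE_VRPS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        roa_net = ipaddress.ip_network(vrp_prefix)
        if roa_net.version != route.version:
            continue  # subnet_of() raises TypeError on mixed IPv4/IPv6
        if not route.subnet_of(roa_net):
            continue  # this VRP does not cover the announced prefix
        covered = True
        # A match needs the right origin AND a length within maxLength.
        # A VRP for AS 0 never matches: it marks space that must not be routed.
        if vrp_asn != 0 and vrp_asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one VRP but matched by none: reject.
    # Covered by no VRP at all: RPKI has nothing to say about this route.
    return "invalid" if covered else "not-found"


def accepted_routes(announcements, vrps=SAMPLE_VRPS):
    """Apply a 'drop invalid' policy; 'not-found' routes are still accepted."""
    return [a for a in announcements if validate_origin(a[0], a[1], vrps) != "invalid"]


if __name__ == "__main__":
    constructed = [
        ("192.0.2.0/24", 64500),      # authorized origin
        ("192.0.2.0/24", 64511),      # covered prefix, unauthorized origin
        ("192.0.2.128/25", 64500),    # right origin, longer than maxLength
        ("198.51.100.0/24", 64500),   # no ROA published for this space
    ]
    for pfx, asn in constructed:
        print(f"{pfx:<18} AS{asn}: {validate_origin(pfx, asn)}")
```

The "not-found" state is why the registry filters and trust described in this thread still matter: origin validation only protects prefixes whose holders have published ROAs.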

------
implr
If you're in Europe, RIPE still hands out ipv4 /22's to new members. Their fee
is 1400EUR/year though, so not that cheap.

------
ghoshbishakh
Where is the profit part?

~~~
gruez
there isn't. it's just a popular format for titles (right along there with "x
considered harmful")

~~~
brod
sure, but there's also generally profit in the story.

------
gricardo99
TL;DR please?

This really needs an abstract/summary. 5 paragraphs in and I have no idea what
they're doing.

~~~
peterchau
They are making an ISP without the CMS + Payments

