[RPKI] Routinator repository blacklisted
Slav Messetchkov
slav.messetchkov at sasktel.com
Mon Nov 28 23:58:53 UTC 2022
Hello,
We have been using Routinator as RPKI ROA proxy for several months now. Recently we noticed that the following sites, which are listed amongst Routinator's repositories, have been blacklisted on Gremlins, and access to them is being blocked by our Spamhaus RPZ:
rpki-rrdp.mnihyc.com
rpki-rsync.mnihyc.com
They are currently being blocked approximately 1000 times per day.
List of Blacklists:
List: DRBL vote node gremlin.ru Host: vote.drbl.gremlin.ru Rating: 3
List: DRBL work node gremlin.ru Host: work.drbl.gremlin.ru Rating: 3
Apparently this has been happening on and off for at least six months.
Has anyone else run into that? Are these sites trustworthy? And more broadly, how is the Repositories' security posture validated? In our experience the Spamhaus feed has a very low false-positive count, so for now we're treating this as a threat and blocking it. If a site is compromised, is there a way to drop it from the list of Repositories, so that Routinator doesn't send 1000s of unnecessary requests daily?
Thanks in advance for any advice on this matter!
Slav Messetchkov
Sr. Engineer Core Network & Service Development
SaskTel, TSI/NSD
NOTICE: This confidential e-mail message is only for the intended recipients. If you are not the intended recipient, be advised that disclosing, copying, distributing, or any other use of this message, is strictly prohibited. In such case, please destroy this message and notify the sender.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/rpki/attachments/20221128/49ec15c5/attachment.htm>
More information about the RPKI
mailing list