Passa al contenuto principale

9. Considerazioni sulla sicurezza

9. Considerazioni sulla sicurezza

Consumers SHOULD fetch and process prefixlen data themselves because importing third-party processed datasets places significant trust in the third party. Weakly authenticated RPSL repositories can allow spoofed inetnum: objects pointing to malicious prefixlen files. Section 6 provides an RPKI-based authentication method, but it is optional.

Risks include most-specific unsigned inetnum objects overriding wider signed objects, server throttling due to excessive fetching, privacy and targeting concerns from disclosing end-site boundaries, maliciously precise prefix sizes such as /128 over large IPv6 blocks, false CGN annotations, fake small allocations, and huge prefixlen files containing millions or billions of entries. Consumers should process prefixlen data with the same care as any external third-party data.