Proposal 109: No more than one server per IP address [was Re: Sybil Attack Countermeasures]

Chris Palmer chris at
Tue Mar 13 04:01:57 UTC 2007

Chris Palmer writes:

> Is autonomous system number a better indicator of network ownership than
> host or network address?  Is it also more delightfully coarse?

Note that the assumption that AS numbers are "coarser" than large
network addresses (like /16 and larger) holds only if it is still true
that the BGP Gods don't like to give AS numbers to operators of small
networks.  (They used to, and maybe still do, dislike small autonomous
systems, since BGP table bloat has been a problem.  Maybe that is still
the case, I don't know.)

In any case, AS number is a better indicator of network operatorship
than network address (simply by definition of the term "autonomous
system").  Of course, Sybil could simply be a customer of many different
operators -- but again, maybe by basing policy on AS we are forcing
Sybil to have more fingers in more distant pies than we do when we base
policy on /16.
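
Added example, not part of the original message: a comparison of a one-server-per-/16 rule with a one-server-per-AS rule over the same relay list, using longest-prefix match to find the origin AS. The prefix table, AS numbers (documentation range), relay addresses and function names are all constructed for illustration.

```python
import ipaddress

# Constructed prefix-to-origin-AS table (AS numbers from the documentation range).
# Assumption: a real deployment would build this from a BGP table snapshot.
PREFIX_TO_AS = {
    "10.0.0.0/14": 64496,    # one operator announcing four adjacent /16s
    "10.1.128.0/17": 64497,  # more-specific prefix announced by another operator
    "172.16.0.0/16": 64498,
}
# Longest prefixes first, so the first hit is the longest-prefix match.
_TABLE = sorted(((ipaddress.ip_network(p), a) for p, a in PREFIX_TO_AS.items()),
                key=lambda e: e[0].prefixlen, reverse=True)

def slash16(ip):
    """Group key under a 'one server per /16' policy."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))

def origin_as(ip):
    """Group key under a 'one server per AS' policy (longest-prefix match)."""
    addr = ipaddress.ip_address(ip)
    for net, asn in _TABLE:
        if addr in net:
            return asn
    return None  # unrouted or unknown; the caller decides how to treat it

def admit(relays, key):
    """Keep the first relay seen in each group; return {group: relay}."""
    admitted = {}
    for ip in relays:
        admitted.setdefault(key(ip), ip)
    return admitted

# Constructed relay list: one operator (AS 64496) with servers in four /16s,
# plus two relays run by other operators.
RELAYS = ["10.0.5.1", "10.1.5.1", "10.2.5.1", "10.3.5.1",
          "10.1.200.9", "172.16.4.4"]

if __name__ == "__main__":
    print("per /16:", admit(RELAYS, slash16))
    print("per AS :", admit(RELAYS, origin_as))
```

On this sample the /16 rule admits four servers from the same operator and drops an unrelated relay that happens to share a /16 with one of them, while the AS rule admits one server per operator.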


