Thanks very much. Happy to be here, and happy to have been invited. When I was talking to Maria she said, "Your title is very cryptic." So it's not crypto, it's just cryptic, and I'll try to make it a little clearer what I had in mind and what's behind the title.

Something about me: I started in network operations in 1994, then moved to engineering and architecture, with different roles for something like twenty years, always pretty close to operations in one way or another. Security isn't my main focus, so hopefully this is a bit of a meeting of different cultures and communities, given this community and this audience. Nonetheless I'm pretty involved in security one way or another.

To give a little perspective: back when I started there were a whole bunch of things that were different from how they are now. We had a thing called finger, which ran on a lot of UNIX machines. It was plain-text transport, and you could see who was logged into a machine. Privacy considerations all over the place, but that was the state of the world back then; it was a small community. SSH didn't exist. There were ways to do encrypted command-line sessions, but it was pretty rare. At the network I was working at the time, working for BBN in the BBN NOC, there was open, privileged, top-level telnet access to routers. It was open because the idea was that this is a community that all wants to understand what's working and what's not working, so we made that available. That's definitely not the type of thing that would happen these days.

Sometimes, when troubleshooting reachability issues, we would use something called the percent hack, where instead of writing user@domain you could write user%domain@someotherdomain. So if you couldn't reach their SMTP server, you could bounce it through an intermediate one that you had a sense might be able to reach it. That was fine and very helpful and useful; definitely not the type of thing that happens today. I'll talk about the updates to some of these things further down in my talk. In terms of questions, I think it's probably better to save them till the end, which I hope there will be some of, and have a discussion; that's probably the easiest way to get through.

There was also traceroute with a loose source route option, where you could say: trace to a destination, but use this intermediate hop to get there. That was important for us because if there was a reachability problem between my network and another person's, I could bounce it through a third network that I thought might have reachability, so I could see how they were connected. Sometimes it was also a way to troubleshoot what the people on that network might be seeing. The reason it basically doesn't exist today is that it's a possible DDoS vector: those loose source routed packets are what they call process switched, meaning switched in software rather than in hardware, in the fast path of the router. So that definitely doesn't exist anymore either.
So obviously we've seen a lot of improvements since then, but not all of them have seen deployment. Why is that? That's really the upshot of the talk today, and that's why I gave it this cryptic title. I'll talk a bit about the multi-stakeholder world and then some examples of how it applies to security concerns with routing, with spoofing of different types, and with DNS, the Domain Name Service. I'm sure people have a variety of different backgrounds here, and hopefully I'll bring everyone to some common understanding; I'm sure it'll be well understood for a lot of people, maybe for some others not so much.

In the multi-stakeholder system, what I had in mind is that there's a variety of actors. There's development of protocols by the standards organizations, like the IETF, the IEEE for Ethernet and lower-layer network things, and obviously the W3C for web protocols. Hardware suppliers: your Ciscos, your Junipers, Apple, Intel. Intel is obviously not a retail organization, but they're inside a lot of things, as their ad campaign says. Then there's software: router software, OSes, all kinds of things. For operators there's Internet service providers, content distribution networks, enterprises including universities, and governments. Then there's obviously the users: regular people, the military, your grandparents, my grandparents, my in-laws. The government has a piece of it: legal issues, regulation, law enforcement, and the military again. For education it's universities, vocational schools, secondary and primary schools, to educate the citizenry and the workforce to get us where we need to be. Non-governmental organizations like Internet registries and advocacy groups of different types all play a part in it. As you may expect, they've all got various incentives for what they do and why.

Some dimensions: obviously time, it always takes too long; money, it's too expensive; effort, it's too difficult; complexity makes things harder to understand and manage and maybe makes them more prone to failure; risk, you're never sure what the outcome is going to be. And then entropy: it's hard to keep it clean. Once you deploy something, how do you keep managing it through its life cycle without it just sort of decaying and leading to more mess?

Something else to keep in mind is the robustness principle as Jon Postel articulated it: be conservative in what you do, liberal in what you accept from others. This was something he wrote in an early specification for the TCP/IP protocol, but it was kind of the governing motto or idea for a lot of the development of the early Internet, even through today. You get many good things from it: obviously it makes bootstrapping and interoperation easier and keeps the Internet running and growing, because the easier it is to deploy and start things up, the more it grows. Obviously it might also have yielded some of our current challenges. It was a different time, when the community was smaller and everyone knew each other better, in the early ARPANET and Internet days. Now we're more cautious, more guarded; we don't necessarily want to trust by default, and that's part of it.

Let's talk about something simple. Like I said, I prepared this not being sure exactly what the background and experience of the audience would be, so hopefully it's not too remedial and it helps bring everyone into it, since you folks are more security-minded than network-oriented.

The fundamental building block of Internet routing is the autonomous system: a network under a single administrative control. It uses an IGP on the inside and an EGP to the outside. If you make a diagram it's like a cloud, right? Inside, among the different routers, it uses the internal gateway protocols. They handle topology discovery and state management: figure out where your links are between different nodes, what their capacity is, and whether they're available or not available. You would deploy it inside an ISP, an enterprise, a university, etc. There are several different examples: OSPF and IS-IS are the biggest ones, RIP not so big anymore. Then, facing the outside of the autonomous system, between autonomous systems, we use external gateway protocols, generically speaking. This is how the different routing domains advertise reachability to each other, and BGP is really the only one currently in use; there was an earlier one when I started, and I knew of one place that used it, but it was basically already on its way out. This is how the networks speak to one another, and the fundamental relationships they have between each other we call customer, or transit versus non-transit: does the traffic traverse them to go to another place, or does it terminate there? Sometimes people call that a customer relationship, and the other is called settlement-free interconnection or peering. The customer term focuses on the economic arrangement, but from a technical point of view it's really: does the traffic traverse that domain to go other places, or does it drop there? Forwarding decisions are based on destination IP address, so a router advertises reachability for a destination network, and traffic for that destination then flows toward the advertising router.
Source IP isn't checked by default, in general. So that's the big picture; I'll talk a bit more about that later too. What are the kinds of risks that we've seen? Control plane attacks, where you're attacking the routing information flow. The control plane is what we think of as where the routing information gets exchanged, and the data plane is where the data actually traverses. Then there's mis-origination and route leaks, which are probably the bigger concern, and those can result in interruption of traffic flow; more on that in detail coming up.

So what are the risks that we see within the control plane? Bringing down BGP sessions, either by spoofing the source IP and sending a TCP reset, because BGP functions over TCP connections. If you could send a TCP reset, which basically says to the other end of the connection "close, done", then you could just bring it down; they'd stop exchanging traffic as they bring it down and all those routes would drop, and the effect would be a service interruption. A bunch of solutions were developed for this. BGP TCP MD5 basically involves a shared secret: both sides enter the same password and then they encrypt the data between them, so that if somebody without knowledge of that shared secret sent a message including a reset, it wouldn't affect the router. One critique of this approach was: what if somebody just sends a bunch of known-bad packets, causing the router to have to run the MD5 calculation on a bunch of stuff that it doesn't end up caring about? They could basically do that all day long, and it could overwhelm the CPU; so the concern was that deploying the security solution could actually make things more vulnerable. Then there's another solution developed called the generalized TTL security mechanism. Normally these packets, because they just run between routers that are right next to each other, by default have an IP time-to-live of one, so it basically never has to go further than one hop away. The way traffic goes, every hop decrements the TTL, so when it arrives with a TTL of one, you decrement by one to zero and it's never going to get forwarded. So the idea is that if somebody sent a packet from further away, which had to have a larger TTL to reach the destination, it would arrive with a TTL other than one. By making the router enforce that property, it would protect you from somebody out in the Internet making an attack on your router. That's seen a little deployment, not huge.

So why haven't these security mechanisms that were developed been universally deployed, by any means? Still, attacks haven't been seen, before or since, and why that is isn't totally well understood. It's hard to guess the TCP sequence number and the combination of ports, because there are large numbers on both sides, and initial sequence number generation is pretty well done now; so that's one theory of why the attacks haven't been widely seen even though many people don't deploy these protections. Also, maybe it's because adversaries don't want to just bring down the Internet, because that's what they use to do what they do.

The other large class, or even bigger class, of problems with BGP is route leaks or mis-origination. Basically the risk is that you'd be black-holing some traffic, or that you could divert it through your network and inspect it, or you could overload an intermediate link by sending more traffic there than it's designed to handle.
Generally what we see more often than not is unintentional problems. The first one that I remember, which may be the first one that's generally well known or thought of, is in 1997, the AS 7007 incident. What happened was this autonomous system just generated tens of thousands of routes, which was about what the Internet routing table was back then; at the time it was probably forty to fifty thousand routes, and now it's well over six or seven hundred thousand. It's thought that this was due to a bug, or somebody enabling a sort of hidden feature that they didn't realize. What happened in my network at the time, and generally, is that all the routers ran out of memory. It was a very bad day for the Internet, and the only way to clear the problem was to reboot the routers: either you had to send somebody out to the facility to deal with the power, or if you had dial access through a phone line to a modem on the console port of the router, you could tell it to reboot. So that was a very bad day, and some variation of route explosions has come up since. Now there are more safeguards; usually people configure, at a session level, the maximum number of prefixes that you're expecting to see, so if somebody goes over that it tears down the session. So as far as getting a network-wide, Internet-wide problem, that doesn't generally happen.

What happens more often is misconfiguration, because the software by default will allow you to configure a session and for it to come up without any filtering in place. A lot of times people will not configure the whole piece that says the maximum number of routes, or only allow these twenty or fifty or one hundred routes to come over the session.
But it'll just come up and a whole bunch of routes will come in that aren't expected. So that's the unintentional case. A lot of times there's mis-origination, which is a different thing, where you accidentally originate a route in BGP that doesn't belong to you, and obviously then attract the traffic for that network. Sometimes you'll only attract it from your neighbors; sometimes you'll attract it from a broader part of the Internet. Usually it's accidental, just a typo in some configuration.

Some incidents that have happened: there was an incident with Pakistan Telecom, where they had an internal censorship system; that's what's surmised, no one who's authoritative has told the whole tale. They would advertise routes for YouTube because they didn't want their internal people to be able to use YouTube, or they wanted to be able to filter certain content, and it leaked past their borders to their peers. A lot of YouTube traffic, YouTube for a lot of people, was unreachable that day, or for those couple of hours or whatever it was. There was an incident in China where they leaked some addresses for some of the root name servers. It's thought that was probably unintentional; they may have had some internal censorship set up, it's not necessarily known, but for a little while traffic for those root servers was going into China. It didn't last very long.

Intentional: we've seen a few intentional problems, or apparently intentional problems. There was the so-called Latvian hijack; no one knows for sure if it was a hijack, but Renesys was a company that did the analysis, where it seems that there were different episodes over the course of weeks or months where, for a little bit of time, some traffic was diverted to Latvia and then sent on its way to its ultimate destination. So it wasn't a totally disruptive mis-origination thing; still unknown. There was a Bitcoin attack where the seemingly clear motive was to gag some parts of the Bitcoin infrastructure temporarily so that you could gain an advantage to make more money or whatever; it might have worked. Then there are other things where people use a little bit of unused address space: they advertise it temporarily and then they send a bunch of spam or do some other bad thing, because that address space is not theirs and not attributable to them; they can use the good or neutral reputation of the owner and then go away. That happens from time to time, and there's less record of it, because the scope of how far those originations go in the global routing system is variable, so it's not always observable.

So what's the way to combat this? It's how to know when the routing is correct. How do you figure out when an autonomous system belongs to a particular person, when you're on the phone with them setting it up or exchanging e-mails? How do you actually even know that the person on the other end is representing who they say they are? That's probably not a huge problem, but it points up one kind of thing that's part of the overall ecosystem. Then you have an idea of what address space an autonomous system is authorized to announce, so you generally whitelist the routes you allow in through a filter configuration: you explicitly let in those routes, which implicitly denies the others. That's a protection that people generally use, and it would have prevented some of the earlier problems, but it's not globally used. Then with AS path filtering you can whitelist the transit relationship: you can say, all right, we expect these autonomous systems to be on the other side of this one that we're connecting to, so there's a limit to what might be over there, and you don't have a situation where they're advertising routes for a whole network that they are not authorized to.

The challenge is that we want the system to be dynamic and flexible. We want minimal maintenance, and not to have to touch things every time somebody who's not directly connected to you wants to do something; you don't want to have to contact everyone else in the Internet and say, OK, I'm making this change. That's the challenge. But you don't want it to be too flexible, right?

So, back to the multi-stakeholder piece. In addition to the protocol developers and some of the security solutions, and the hardware and software makers that have to implement them, and then you have to acquire and deploy that, you've got these other characters like the Regional Internet Registries, which are fundamentally important, because how do you know that people don't reuse the same number resources? IP and autonomous system number resources come through a registry, and there are five of them in the world, roughly continental: AFRINIC is Africa; LACNIC is Latin America, which is basically everything south of the US in the Americas; RIPE covers Europe; APNIC the Asia-Pacific region; and ARIN is North America and the Caribbean. They're membership organizations; they issue these autonomous system numbers and the IP address numbers, for v4 and v6, which we call blocks or prefixes. Their members, and the people to whom they issue resources, have a relationship with them, and they try to figure out who those people are and how to know that they're legitimate. We call it a business relationship; that may or may not involve money, that's outside the scope, but there is a relationship between the organization and the people who use it. They have to keep their contact information up to date, because the registry has to know how to get in touch with you if there's an abuse situation or that kind of thing, and if somebody else wants to report abuse they have to know how to get in touch. You've probably heard of the WHOIS service, which is a mapping of resources to organizations.

Then there is the Internet Routing Registry. This is basically a system, and here are some examples; some of them are run by the Internet registries, some aren't. They express routing policy or intent: the mapping of a prefix to an autonomous system, and with the language, it's called RPSL, Routing Policy Specification Language, you can even describe neighbor relationships. I would say it's not uniformly used, so not everyone uses it, and exactly how you're supposed to use it isn't uniformly done. There's no expiry, so if you put something in for a particular customer, or somebody submits a piece of information to the Internet Routing Registry, it stays around whether or not it's still in effect; it can stay around forever, and there's no particular motivation to clean it up. So people have a lot of issues with trusting the information in there and feeling that it's fresh and reliable. Also, there's no linkage of what you put in there with your right to speak on behalf of that resource, broadly speaking. RIPE, for instance, and I think APNIC, in their routing registries say, OK, if you're going to put something in the routing registry about a particular prefix, you have to be the person to whom it's issued, so they at least have the authorization piece baked in, but that's not uniformly true.

To understand a bit about the challenge of this whole thing, think about what goes on when you provision a BGP customer. The customer details come from the sales order or some sort of documentation, and you figure out, OK, it says it's going to use this autonomous system number, and what prefixes are we expecting from them? There's no way to know that from inside BGP itself; you have to go to one of these other places, these registries. But sometimes the documentation is vague, because there are mergers and acquisitions and name changes and such. If you're dealing with a company called ABC Inc. and then you go to the registration and it says something different, a human can say, OK, the acronym matches, it seems like the same thing, but from a machine-readable, computational perspective it's not that reliable. And how do you understand what the downstream ASes are? That's hard to do too. And then if somebody is bringing a piece of address space and they say, yes, somebody lent it to me, we have an arrangement, you can override the registration with what we call a letter of agency. There's no standard for it; it's like a letter on some letterhead, and who even uses that anymore, so then you get a PDF. Well, those can be forged, and I've seen that happen.

So if you're working at an ISP and you're bringing up a session to a non-customer, a non-transit network, you generally don't enumerate specifically what prefixes you're going to hear, because that can change; it's them and their customers, so you don't necessarily want to hard-code it on the router, because it gets difficult to manage and it inhibits the flexibility and dynamism of the system. Generally what's done is just to try to make sure that they don't send you routes for some other large non-transit network. How do you know which those are? Just through experience. So if you say, I work for Comcast and I'm going to set up a connection to AT&T, well, I'm pretty sure they should never advertise Verizon's routes to me, so I'll filter anything from that connection that seems to say that Verizon is downstream of AT&T, because I don't think that should ever happen. But there's no ground truth for this; there's no way to verify what the proper relationships are supposed to be. And then changes: a customer will call up and say, change the setup because we're making some changes; we can handle that, but it's a bit onerous. There are ways to automate it: if they maintain their own stuff in the routing registry, we can query that at intervals and regenerate our filters and reapply them. Workflow is still the thing, and as I mentioned before, doing those checks on mergers and acquisitions slows the dynamism.

So, from the standards side, what's a proposed fix to this? RPKI is the Resource Public Key Infrastructure. It follows the resource delegation hierarchy, so when you get a resource from a Regional Internet Registry, you can basically, through their system, register a binding of origin AS to that prefix. They use X.509 certificates, so it's cryptographically verifiable that the person who put it in is the correctly authorized party. It can also work in a delegated system where they say you can set up your own certificate authority, but very few people do that; the system generally hasn't seen a lot of uptake.

Also, just to finish that: the validation, or the route origin verification, is basically another piece of software that pulls in all these certificates and runs all the operations to make sure they seem correctly signed and delegated. This is another case where the people who make the software are another stakeholder. Who's motivated to make the software? There are three open-source versions that exist; there's no commercial support. A large company might take that on; smaller companies are going to be like, we're not experts in that, if it breaks how do we get it fixed? Tools to diagnose problems are yet to be developed. Certificates are going to expire: if you sign a bunch of these, they're called ROAs, route origin attestations, these cryptographic objects always have some expiry; it could be a year, it could be twenty years, but you have to keep that in mind and remember to refresh or reissue the certificates when that time comes. Scaling properties are unknown. And what if a government goes to the registry and says, we have a takedown notice for this network, remove their origin attestation? Then basically anyone who's running that software will no longer accept traffic for it. People are concerned about that, because governments have ways to do different things on the Internet now.
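As an added illustration of the two filters described above, the AS-path whitelist for a non-customer peer and RPKI route origin validation against ROAs, here is a small Python model. It is example code written for this page, not any vendor's or validator's implementation; the ASNs, prefixes and ROAs are constructed documentation values, not registry data.

```python
"""Inbound BGP route filters modelled in Python (added example):
an AS-path whitelist for a non-customer peer and RPKI-style
route origin validation (ROV) against a set of ROAs."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: `asn` may originate `prefix` and any
    more-specific of it no longer than `max_length` bits. asn == 0 means
    nobody may originate it."""
    prefix: str
    asn: int
    max_length: int

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


def validate_origin(prefix: str, origin_asn: int, roas) -> str:
    """Return 'valid', 'invalid' or 'notfound' for an announced prefix."""
    net = ipaddress.ip_network(prefix)
    covering = [r for r in roas
                if r.network.version == net.version and net.subnet_of(r.network)]
    if not covering:
        return "notfound"                      # no ROA says anything about it
    for roa in covering:
        # An AS0 ROA authorises nobody; a more-specific announced beyond
        # max_length (the classic sub-prefix hijack shape) does not match.
        if roa.asn != 0 and roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"                           # covered, but by nobody's authority


def as_path_allowed(as_path, neighbor_asn: int, allowed_downstream) -> bool:
    """AS-path whitelist: the path must start at the neighbor we peer with and
    only traverse ASes we expect to sit behind it (prepending of the neighbor
    itself is fine)."""
    if not as_path or as_path[0] != neighbor_asn:
        return False
    allowed = set(allowed_downstream) | {neighbor_asn}
    return all(asn in allowed for asn in as_path[1:])


def filter_update(prefix, as_path, neighbor_asn, allowed_downstream, roas):
    """Apply both checks to one announcement; returns (accept, reason).
    'notfound' is accepted, as most operators do not drop unsigned routes."""
    if not as_path_allowed(as_path, neighbor_asn, allowed_downstream):
        return False, "unexpected AS in path"
    state = validate_origin(prefix, as_path[-1], roas)   # origin = last AS
    if state == "invalid":
        return False, "ROV invalid"
    return True, "ROV " + state


# Constructed sample data: documentation prefixes (RFC 5737 / RFC 3849) and
# documentation ASNs (RFC 5398); none of this comes from a real registry.
ROAS = [
    ROA("192.0.2.0/24", 64501, 24),
    ROA("2001:db8::/32", 64502, 48),
    ROA("203.0.113.0/24", 0, 24),      # AS0: no one may originate this
]
NEIGHBOR = 64500                       # the peer we have the session with
EXPECTED_DOWNSTREAM = {64501, 64502}   # ASes we expect behind that peer

if __name__ == "__main__":
    announcements = [
        ("192.0.2.0/24", [64500, 64501]),            # valid
        ("192.0.2.0/25", [64500, 64501]),            # too specific: invalid
        ("192.0.2.0/24", [64500, 64510]),            # AS64510 is not expected here
        ("198.51.100.0/24", [64500, 64502]),         # no ROA: notfound, accepted
        ("2001:db8:1::/48", [64500, 64502, 64502]),  # prepended, valid
        ("203.0.113.0/24", [64500, 64501]),          # AS0 ROA: invalid
    ]
    for pfx, path in announcements:
        print(pfx, path, filter_update(pfx, path, NEIGHBOR, EXPECTED_DOWNSTREAM, ROAS))
```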
But this is a whole new level of breaking things compared to what they have been doing before, so that's of concern. Expertise varies wildly, widely I should say. Enterprises don't have the expertise; ISPs do. So the enterprise is usually going to say, well, I'm paying you a lot for this, I don't want to know about all that complicated stuff, you guys figure it out and fix it and do it right. So there's a stakeholder, your customer, who is telling you they're interested up to a point but not too much.

All right, on to a different class of risk: spoofing. This is injecting unauthorized traffic. You probably have some awareness of source IP address spoofing and e-mail address spoofing; these are well-studied abuse vectors in the security world. You can inject bogus data by guessing TCP sequence numbers; you can insert bogus traffic into existing streams. There are fixes for it, like improving the sequence number generation; software vendors have to code the fix, users have to upgrade the software: more stakeholders. The risks are amplification. Here are some examples that we've seen in history: the so-called Smurf attack was one of the earlier ones, early in my career, where people would send a packet to a certain address and it would generate a ton of traffic: low investment by the attacker, high yield of bad stuff happening. Router code was upgraded, people deployed it, so that's pretty well fixed. SNMP amplification attacks are another asymmetric thing, where somebody sends a packet and receives a large response.
There were home routers that had this problem, and this is only going back a few years. So what should the ISP do? We don't own the home router in a lot of cases, so should we block this traffic because we think it's not something people would ever want? They're only so motivated to fix it or even understand it. Should an ISP block that by default to improve the ecosystem? It's an open question.

Another solution is to block spoofed source IP addresses. This is what we call a best common practice, another kind of RFC, which says: block, at your network edge, traffic that has a source IP address that's not on that subnet. You can do it with an access control list, and there are router features that can ease the administrative burden: they basically reverse the routing and say, if I would route to that destination out this port, allow something with that source IP address to come in, but if not, drop it. You can do that at the edge of the network, but if you're in the core you may not know where all the different possible paths traffic can enter, because like I said it's forwarded on the basis of destination. Even though I might route this way to reach a certain destination, they may route that way to reach me, so the routing and forwarding planes don't necessarily line up. So I talked about topology considerations, where the stubs are; there were performance considerations, some router hardware couldn't do it at high speeds, which is pretty much not the case anymore with modern stuff; but flexibility, you still want to keep that; and complexity.

Source spoofing: people have all seen spam and that kind of thing; you can just send to any destination. What's a way to combat that?
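Added example, not from the talk: a Python model of the "reverse the routing" check just described (strict reverse-path checking over a constructed forwarding table), including the core-router case where asymmetric routing makes the check drop a legitimate packet. Interface names, prefixes and flows are constructed sample values.

```python
"""Strict reverse-path check (the edge source filtering described in the
talk) modelled over a constructed forwarding table. Added example."""
import ipaddress


class Fib:
    """Minimal longest-prefix-match forwarding table: prefix -> egress interface."""

    def __init__(self, routes):
        self.routes = sorted(
            ((ipaddress.ip_network(p), iface) for p, iface in routes),
            key=lambda r: r[0].prefixlen, reverse=True)   # most specific first

    def lookup(self, addr):
        a = ipaddress.ip_address(addr)
        for net, iface in self.routes:
            if a.version == net.version and a in net:
                return iface
        return None                      # no route at all


def urpf_strict(fib, src, ingress_iface) -> bool:
    """'If I would route to that source out this port, let it in': accept the
    packet only when the best route back to its source points at the interface
    it arrived on. Sources with no route at all are rejected too."""
    return fib.lookup(src) == ingress_iface


def classify_flows(fib, flows):
    """Run the check over (ingress_iface, src) pairs; returns decisions."""
    return [(iface, src, "accept" if urpf_strict(fib, src, iface) else "drop")
            for iface, src in flows]


# Constructed sample data (documentation prefixes, RFC 5737): an edge router
# with two customer ports and a default route toward the upstream.
EDGE_FIB = Fib([
    ("192.0.2.0/24", "cust1"),
    ("198.51.100.0/24", "cust2"),
    ("0.0.0.0/0", "upstream"),
])
SAMPLE_FLOWS = [
    ("cust1", "192.0.2.10"),      # cust1's own address: legitimate
    ("cust1", "203.0.113.5"),     # source not assigned to cust1: spoofed
    ("cust1", "198.51.100.7"),    # cust2's address arriving on cust1's port
    ("cust2", "198.51.100.7"),    # legitimate
]

# Core router: our best route to 203.0.113.0/24 points at peerA, but the
# other side may deliver traffic to us via peerB (asymmetric routing), so
# strict mode in the core drops a legitimate packet.
CORE_FIB = Fib([
    ("203.0.113.0/24", "peerA"),
    ("0.0.0.0/0", "peerA"),
])

if __name__ == "__main__":
    for iface, src, decision in classify_flows(EDGE_FIB, SAMPLE_FLOWS):
        print(f"edge  {iface:<8} src={src:<14} {decision}")
    for iface in ("peerA", "peerB"):
        ok = urpf_strict(CORE_FIB, "203.0.113.5", iface)
        print(f"core  {iface:<8} src=203.0.113.5    {'accept' if ok else 'drop'}")
```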
close what's so-called open relays, so that people, you know, are basically using the relay outbound that they're expected to be using, and SMTP. And so if you're a customer of an ISP or an enterprise, you'll have some password, you know, credentials that you can use to submit mail, and then that will send it directly to the destination. I mean, it's not so common to see many, many, many hops of intermediaries anymore, you know, among different entities, handling entities. So basically the open relay thing has been closed through software knobs and so forth. There's also, you know, user, sort of community-developed, blacklists and so forth you may know about. There's the mail abuse working group, where an industry group of practitioners came together and said OK, we want to try and improve this situation, solve these problems, how can we come up with best practices and so forth. Then there are some standards-based ones: Sender Policy Framework, DKIM. These are ways to say what hosts can send on behalf of a given domain, whether authorized. But there's legitimate uses for changing the source, you know, of the piece of e-mail, like you might want to send something on behalf of somebody else. You know, if you're sending a huge e-mail campaign, you might not do it from your laptop; you send it to a third party, but you want the people receiving it to know who it's from, notionally, and if they reply, for it to go to you.

DNS is the last class of things I'll talk about, so you know, you probably all know it's the Domain Name Service, so it's how you map a name to an IP address, right. So the attacks that exist and have been seen: there are cache poisoning attacks where people inject extra data through,
you know, utilizing some combination of guessing and other things to inject incorrect information into caching servers. So users query a caching server for an answer, and it's possible for an adversary to put that information in there that will end up getting served to users and take them away from where they think they are supposed to go. DNSSEC is the main proposed solution to this. It's seen, you know, very limited, or fairly limited, deployment, and why? So you know, it provides a clear authorization chain for validation using cryptography and so forth, but there's also residual risks: the client-to-cache communication is still not protected. It also has potential for amplification attacks, because you can submit a relatively small request and get like a mountain of stuff in response, and if you spoof the IP address of who made the query, then that huge response will go to the victim, let's call them. And so it's another case of, well, is the cure more problematic than the disease? Also, sometimes people misconfigure it, shooting themselves in the foot, where they did misconfigure it, and since it's a DNSSEC-protected domain, if they screw up the configuration it'll invalidate everything that's coming out for that domain, and so it'll take them offline. And we've seen that happen with even, you know, governmental agencies who've messed it up. So the way to work around that is to deploy what's called a negative trust anchor, and basically say OK, we're going to whitelist the things from that domain even though they seem wrong, because we don't want them all to be unreachable and broken, so it's kind of a workaround.

And those are the main things that I wanted to talk about. Just to wrap up, the idea was to talk about how many different parties are involved in network security, you know, what the lifecycle is, and you know,
the cryptic title was, you know, another way of saying, why aren't things fixed yet. So with that I'll take questions, if anybody... doesn't make any sense.

Right. So that. It's like. Right.

Right, so the question was about, if I think I understood right, how do you guarantee that the delivery path of the traffic is what you intended it to be and not diverted through some third party. So even beyond RPKI, RPKI ROV, route origin validation, depending on RPKI, there's another BGP security protocol called BGPsec, or path sec, path security, which attempts to validate not just that the origin is correct on the BGP route but that the path in the route, as it reaches you, is correct and intended. This is an even more complex thing to get right, especially given the number... so it's a standard that's just recently been approved in the IETF, but its deployment prospects I'd say are very unclear, because it's more complicated to get correct. Its interplay with the various ways people have deployed and used BGP is unknown, because it may not match all use cases that exist. So you know, you're right to bring up that point, and people have shown even with route origin validation that there's ways to attack it, and since it's only checking the last few, if an attacker can basically forge a message with the, you know, correct terminal AS, it won't necessarily be... you know, it will be considered valid by the router that receives it, even if some of the intermediate things are not correct. So it's a residual risk to that I forgot to mention, but yes. Any other questions? You know, everybody has to get to the classes.
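The source-address check described in the spoofing section (the router "reversing the routing" so that a source is only accepted on the port it would be routed back out of) is worked through below as an added example; it is not code from the talk. The FIB, interface names and addresses are constructed (RFC 5737 documentation ranges), and ignoring the default route as a "route back" is an assumption that mirrors common router defaults. It also shows the core-router failure mode the speaker raises: strict mode drops legitimate traffic that arrives over an asymmetric path, while loose mode only rejects sources with no route at all.

```python
import ipaddress

# Constructed example FIB for an edge router: destination prefix -> interface used to reach it.
# Interface names are hypothetical; addresses are RFC 5737 documentation ranges.
FIB = {
    "192.0.2.0/24": "cust-a",       # customer A's subnet, on port cust-a
    "198.51.100.0/24": "cust-b",    # customer B's subnet, on port cust-b
    "203.0.113.0/24": "peer-1",     # a peer network we reach directly via peer-1
    "0.0.0.0/0": "upstream",        # default route toward the rest of the Internet
}


def lookup(fib, addr):
    """Longest-prefix match: the (network, interface) this router would use to reach addr.

    The default route is skipped (assumption): 0.0.0.0/0 is not treated as a route
    back to the source, as is the usual router behaviour unless explicitly allowed.
    """
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 or ip not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, iface)
    return best


def strict_urpf(fib, src, ingress):
    """Strict uRPF: accept only if the route back to src would leave via the ingress port."""
    match = lookup(fib, src)
    return match is not None and match[1] == ingress


def loose_urpf(fib, src):
    """Loose uRPF: accept if any (non-default) route back to src exists at all."""
    return lookup(fib, src) is not None


def edge_acl(allowed_prefixes, src):
    """The manual alternative: an ingress ACL listing the subnets assigned to that port."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in allowed_prefixes)


if __name__ == "__main__":
    print(strict_urpf(FIB, "192.0.2.10", "cust-a"))     # customer's own range: accepted
    print(strict_urpf(FIB, "203.0.113.5", "cust-a"))    # spoofed peer address on cust-a: dropped
    print(strict_urpf(FIB, "203.0.113.7", "upstream"))  # legitimate but asymmetric path: dropped
    print(loose_urpf(FIB, "203.0.113.7"))               # loose mode accepts it (a route exists)
    print(loose_urpf(FIB, "10.0.0.1"))                  # no route back at all: dropped
```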