Hijacked IP space.
Suresh Ramasubramanian
suresh at outblaze.com
Tue Nov 4 10:24:16 UTC 2003
Jamie Reid writes on 11/4/2003 12:54 AM:
> Are they taking advantage of sloppy redistribution configurations, 0wning
> routers, spoofing OSPF updates, taking advantage of default static
> routes, or is there something more complicated at work?
Sometimes as simple as social engineering - a company goes out of
business, but still has a /16 allocated to it. So what happens is that
some fake letterheads get typed up (and possibly the company name
re-registered "under new management), and a request for routing these
blocks goes out ...
Then you get (say) a T1 from some random ISP, and then get them to
announce the /16.
srs
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
More information about the NANOG
mailing list