Hijacked IP space.

Suresh Ramasubramanian suresh at outblaze.com
Tue Nov 4 10:24:16 UTC 2003

Jamie Reid writes on 11/4/2003 12:54 AM:

> Are they taking advantage of sloppy redistribution configurations, 0wning
> routers, spoofing OSPF updates,  taking advantage of default static
> routes, or is there something more complicated at work? 

Sometimes as simple as social engineering - a company goes out of 
business, but still has a /16 allocated to it.  So what happens is that 
some fake letterheads get typed up (and possibly the company name 
re-registered "under new management), and a request for routing these 
blocks goes out ...

Then you get (say) a T1 from some random ISP, and then get them to 
announce the /16.


srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations

More information about the NANOG mailing list