a fun hijack: 1/8, 2/8, 3/8, 4/8, 5/8, 7/8, 8/8, 12/8 briefly announced by AS 23520 (today)

Thu Jun 8 09:05:55 UTC 2006

On Wed, 2006-06-07 at 11:01 -0700, Josh Karlin wrote:
> Check out the IAR for "Potential Prefix Hijacks" and if you're coming
> to this more than 24 hours after the post, do a search on AS 23520 as
> the hijacking AS.
> 
> I don't know how long the routes were announced, but they seem to be
> gone now.  Or maybe the IAR is horribly broken, in which case I will
> be lynched :)

You are the broken part, due to the mere simple fact that you accept
those routes. That your uplinks are accepting them also means that you
are not paying them enough so that they don't accept them either.

But in ARIN land you have an excuse, more or less, as there is not a
real 'good' routing database. In RIPE land we at least have route+route6
objects in the RIPE database where one can filter on, but that is only
for RIPE. A sane and complete routing information database would already
considerably help here. RADB is nice but does not help much to make the
info complete. Also anybody can then still announce the prefix with the
correct source ASN and other nasty tricks.

In the end, the complete solution to most of these issues will be in the
form of S-BGP (http://www.ir.bbn.com/sbgp/) and similar solutions.

And the IETF is fortunately working on this:
http://www.ietf.org/html.charters/sidr-charter.html
It might take some time still, but it will come one day and then these
issues are gone.

At the moment you'll just have to trust your peers and try to get them
to implement a sane policy on what kind of announcements they accept or
not.

Greets,
 Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 313 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20060608/b9fb1f04/attachment.sig>