odd hijack

steve at telecomplete.co.uk steve at telecomplete.co.uk
Fri Nov 10 11:01:02 UTC 2006


the preso link is below, you didnt read it yet.. :)

you can hijack any address space providing your route is preferred either because it is more specific, less specific, shorter as-path.. 

Steve

On Thu, Nov 09, 2006 at 10:59:20PM -0700, Josh Karlin wrote:
> 
> Wouldn't they want to hijack more specifics to spam?  I doubt much of
> that space is going to correctly route for spamming purposes.
> 
> On 11/9/06, Hank Nussbacher <hank at efes.iucc.ac.il> wrote:
> >
> >On Thu, 9 Nov 2006, Josh Karlin wrote:
> >
> >> Here is one that is somewhat the opposite, the AS announced a
> >> significant portion of IANA allocated space.  Note, they are large
> >> blocks and as such probably did not cause much damage because most
> >> networks announce more specifics.  My question to the community is,
> >> what kind of misconfiguration could cause this set of prefixes to be
> >> announced?   I asked the AS responsible, but have not had a response.
> >
> >Misconfiguration? :-)  That's a nice word for spammer.  See Joe's PPT at:
> >http://www.uoregon.edu/~joe/maawg8/maawg8.ppt
> >
> >AS29449 is not the problem.  It is the upstreams of AS5602 (KPNQwest
> >Italia) and AS286 (KPN) that let this crap leak.
> >
> >-Hank Nussbacher
> >http://www.interall.co.il
> >
> >

-- 
Stephen J. Wilcox
BSc (Hons).  CCIE #10730
Technical Director, Telecomplete
http://www.telecomplete.co.uk/




More information about the NANOG mailing list