BGP Attack - Best Defense ?

• Previous message (by thread): BGP Attack - Best Defense ?
• Next message (by thread): BGP Attack - Best Defense ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You need to contact 1st their directly connected provider, 2nd contact your upstream provider and ask that they contact their peers and negate the announcement. 3rd if this is an ARIN provided block contact them as you do pay for your allocation and they will have the contacts to resolve the issue. You cannot normally announce smaller than a /24


----- Original Message -----
From: "Scott Weeks" [surfer at mauigateway.com]
Sent: 08/29/2008 03:50 PM MST
To: <nanog at merit.edu>
Subject: Re: BGP Attack - Best Defense ?





------- jfesler at gigo.com wrote: -------
From: Jason Fesler <jfesler at gigo.com>

> I am signed up for the Prefix Hijack Alert System 
> (phas.netsec.colostate.edu) and would be alerted in about 6 hours (or 
> less?) about a prefix announcement change.

Would the alerts go to a mail server behind said BGP prefixes?
---------------------------------------

They would go to me.  They have been coming to me since I heard about this service on NANOG.  

Thanks folks at Colorado State University! :-)


--------------------------------------
Also, if you're gonna bother at all.. I'd humbly suggest that 6 hours is 
too long to wait.  Without naming names, consider if this response time is 
adequate, and if not, look at some of the commercial options.
--------------------------------------

I'm currently on an eyeball network and no one is physically close to me, since I'm in Hawaii (the most isolated land mass in the world).  Even though the TTL changes in this attack, the physics don't.  The gamers would probably be the first alert folks as they would see the delay regardless of what their traceroutes say...  ;-)  In this attack the traffic makes it to both end-points.  The middle is what changes.



Restating my question differently:  If the attacker is announcing a /24 of mine, I figure it out some how and I start announcing the same.  What happens if the attacker doesn't stop? 





This e-mail may contain confidential and/or privileged information. If you are
not the intended recipient (or have received this e-mail in error) please 
notify the sender immediately and destroy this e-mail. Any unauthorized 
copying, disclosure or distribution of the material in this e-mail is strictly 
forbidden.

• Previous message (by thread): BGP Attack - Best Defense ?
• Next message (by thread): BGP Attack - Best Defense ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]