YouTube IP Hijacking

Josh Karlin karlinjf at cs.unm.edu
Mon Feb 25 18:38:41 UTC 2008


Tomas:

It's primarily a proof of concept site, to show that such an idea would be
useful, but it has been running for over a year now and discovered many
interesting hijacks (such as eBay/Google/etc.).

You're right that there is a glaring omission, which is yesterday's YouTube
hijack.  This is due to a bug in the sub-prefix lookup code (which can cause
the IAR to miss some sub-prefix hijacks), which I'm currently fixing.  Once
that is done I'll rerun the IAR over yesterday's logs and it will show up.

Josh


On Mon, Feb 25, 2008 at 10:37 AM, Tomas L. Byrnes <tomb at byrneit.net> wrote:

>
> This is a very interesting site. However, I notice that, in the "all in
> the last 24 hours" it doesn't show the YouTube hijack. It does have a
> lot of entries for 17557, most recently on 2/17.
>
> How reliable is this system?
>
>
>
> > -----Original Message-----
> > From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On
> > Behalf Of Hank Nussbacher
> > Sent: Sunday, February 24, 2008 11:33 PM
> > To: Steven M. Bellovin; nanog at merit.edu
> > Subject: Re: YouTube IP Hijacking
> >
> >
> > At 05:31 AM 25-02-08 +0000, Steven M. Bellovin wrote:
> >
> > >Seriously -- a number of us have been warning that this could happen.
> > >More precisely, we've been warning that this could happen *again*; we
> > >all know about many older incidents, from the barely noticed to the
> > >very noisy.  (AS 7007, anyone?)  Something like S-BGP will stop this cold.
> > >
> > >Yes, I know there are serious deployment and operational issues.  The
> > >question is this: when is the pain from routing incidents great enough
> > >that we're forced to act?  It would have been nice to have done
> > >something before this, since now all the world's script kiddies have
> > >seen what can be done.
> >
> > "we've been warning that this could happen *again*" - this is
> > happening every day - just look to:
> > http://cs.unm.edu/~karlinjf/IAR/prefix.php?filter=most
> > http://cs.unm.edu/~karlinjf/IAR/subprefix.php?filter=most
> > for samples.  Thing is - these prefix hijacks are not big
> > ticket sites like Youtube or Microsoft or Cisco or even
> > whitehouse.gov - but rather just sites that never make it
> > onto the NANOG radar.
> >
> > -Hank
> >
> >
> >
> >
>
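
Added example, not part of the thread and not the IAR's code: a minimal origin check showing why sub-prefix hijacks need a covering-prefix lookup rather than an exact-match one. The baseline table, function names, prefixes and AS numbers are all constructed (documentation ranges), and nothing here describes the actual IAR bug.

```python
import ipaddress

# Constructed baseline of prefix -> expected origin AS (documentation ranges and ASNs).
KNOWN_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64501,
}

def exact_match_check(prefix, origin):
    """Naive lookup: only flags an origin change on a prefix already in the baseline."""
    net = ipaddress.ip_network(prefix)
    expected = KNOWN_ORIGINS.get(net)
    if expected is not None and expected != origin:
        return ("prefix-hijack", str(net), expected)
    return None

def covering_check(prefix, origin):
    """Find the longest baseline prefix that equals or covers the announcement."""
    net = ipaddress.ip_network(prefix)
    best = None
    for known_net, known_as in KNOWN_ORIGINS.items():
        if known_net.version != net.version:
            continue  # subnet_of() raises TypeError across IP versions
        if net.subnet_of(known_net):  # true for equal networks too
            if best is None or known_net.prefixlen > best[0].prefixlen:
                best = (known_net, known_as)
    if best is None or best[1] == origin:
        return None  # unknown address space, or announced by the expected origin
    kind = "prefix-hijack" if best[0] == net else "sub-prefix-hijack"
    return (kind, str(best[0]), best[1])

# Constructed announcements: (prefix, origin AS)
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),    # expected origin
    ("203.0.113.128/25", 64510),  # more-specific from another AS
    ("198.51.100.0/24", 64510),   # same prefix, different origin
    ("198.51.100.0/25", 64501),   # more-specific from the expected origin
]

if __name__ == "__main__":
    for prefix, origin in ANNOUNCEMENTS:
        print(prefix, origin, exact_match_check(prefix, origin), covering_check(prefix, origin))
```

A more-specific announcement from a different origin can also be a legitimate delegation, so a hit from the covering check is a candidate for review rather than a confirmed hijack.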