questions regarding prefix hijacking

Martin T m4rtntns at gmail.com
Wed Aug 7 09:13:17 UTC 2013


Ok. And such attacks have happened in the past? For example one could
do pretty widespread damage for at least a short period of time if it
announces for example some of the root DNS server prefixes (as long
prefixes as possible) to its upstream provider and as upstream
provider probably prefers client traffic over its peerings or
upstreams, it will prefer those routes by malicious ISP for all the
traffic to root DNS servers?


regards,
Martin

2013/8/7, Paul Ferguson <fergdawgster at gmail.com>:
> Unfortunately, it is way too easy for people to inject routes into the
> global routing system.
>
> I think most of the folks on the list can attest to that. :-)
>
> - ferg
>
>
> On Wed, Aug 7, 2013 at 1:20 AM, Martin T <m4rtntns at gmail.com> wrote:
>
>> Hi,
>>
>> as probably many of you know, it's possible to create a "route" object
>> to RIPE database for an address space which is allocated outside the
>> RIPE region using the RIPE-NCC-RPSL-MNT maintainer object. For example
>> an address space is from APNIC or ARIN region and AS is from RIPE
>> region. For example a LIR in RIPE region creates a "route" object to
>> RIPE database for 157.166.266.0/24 (used by Turner Broadcasting System)
>> prefix without having written permission from Turner Broadcasting
>> System and as this LIR uses up-link providers who create prefix
>> filters automatically according to RADb database entries, this ISP is
>> soon able to announce this 157.166.266.0/24 prefix to Internet. This
>> should disturb the availability of the real 157.166.266.0/24 network
>> on Internet? Have there been such situations in history? Isn't there a
>> method against such hijacking? Or have I misunderstood something and
>> this isn't possible?
>>
>>
>> regards,
>> Martin
>>
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  fergdawgster(at)gmail.com
>
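
The thread describes upstreams that build prefix filters automatically from IRR "route" objects. The following is an added example, not part of any message in the thread, of one check a filter generator could apply: accept a route object only when its `source:` is the registry that holds the covering address block. The allocation table, the documentation prefixes and AS numbers, and the maintainer names EXAMPLE-MNT and HOLDER-MNT are constructed assumptions.

```python
import ipaddress

# Constructed allocation table: which registry holds each block (documentation prefixes).
ALLOCATIONS = {
    ipaddress.ip_network("192.0.2.0/24"): "ARIN",
    ipaddress.ip_network("198.51.100.0/24"): "RIPE",
}

# Constructed RPSL "route" objects, as a filter generator might fetch them.
SAMPLE_IRR = """\
route:   198.51.100.0/24
origin:  AS64496
mnt-by:  EXAMPLE-MNT
source:  RIPE

route:   192.0.2.0/24
origin:  AS64496
mnt-by:  RIPE-NCC-RPSL-MNT
source:  RIPE

route:   192.0.2.0/24
origin:  AS64500
mnt-by:  HOLDER-MNT
source:  ARIN
"""

def parse_rpsl(text):
    """Split blank-line separated RPSL objects into attribute dicts."""
    objects = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs[key.strip()] = value.strip()
        objects.append(attrs)
    return objects

def authoritative_registry(prefix):
    """Return the registry holding the block that covers prefix, or None."""
    return next((reg for blk, reg in ALLOCATIONS.items() if prefix.subnet_of(blk)), None)

def build_filter(objects):
    """Accept a route object only if its source is the registry holding the space."""
    accepted, flagged = [], []
    for obj in objects:
        prefix = ipaddress.ip_network(obj["route"])
        ok = authoritative_registry(prefix) == obj["source"]
        (accepted if ok else flagged).append((str(prefix), obj["origin"], obj["source"]))
    return accepted, flagged
```

Running `build_filter(parse_rpsl(SAMPLE_IRR))` keeps the two in-region objects and flags the RIPE-sourced object for the ARIN-held block, which a filter built from every IRR entry would have accepted.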


