questions regarding prefix hijacking

Paul Ferguson fergdawgster at
Wed Aug 7 10:07:04 UTC 2013

On Wed, Aug 7, 2013 at 2:13 AM, Martin T <m4rtntns at> wrote:

> Ok. And such attacks have happened in the past? For example one could
> do a pretty widespread damage for at least short period of time if it
> announces for example some of the root DNS server prefixes(as long
> prefixes as possible) to it's upstream provider and as upstream
> provider probably prefers client traffic over it's peerings or
> upstreams, it will prefer those routes by malicious ISP for all the
> traffic to root DNS servers?

Historically, most prefix hijacks have been accidental, generally due
to configuration error -- for instance:

Having said that, there are quite a few documented cases of it being
done intentionally, and for nefarious purposes.

- ferg

"Fergie", a.k.a. Paul Ferguson

More information about the NANOG mailing list