questions regarding prefix hijacking

Paul Ferguson fergdawgster at gmail.com
Wed Aug 7 10:07:04 UTC 2013


On Wed, Aug 7, 2013 at 2:13 AM, Martin T <m4rtntns at gmail.com> wrote:

> Ok. And such attacks have happened in the past? For example one could
> do a pretty widespread damage for at least short period of time if it
> announces for example some of the root DNS server prefixes(as long
> prefixes as possible) to it's upstream provider and as upstream
> provider probably prefers client traffic over it's peerings or
> upstreams, it will prefer those routes by malicious ISP for all the
> traffic to root DNS servers?
>
>

Historically, most prefix hijacks have been accidental, generally due
to configuration error -- for instance:

http://www.renesys.com/2008/02/pakistan-hijacks-youtube-1/

Having said that, there are quite a few documented cases of it being
done intentionally, and for nefarious purposes.

- ferg



-- 
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com



More information about the NANOG mailing list