questions regarding prefix hijacking

Ahad Aboss ahad at
Wed Aug 7 11:23:49 UTC 2013

It has happened in the past and there is no silver bullet solution to
prevent this 100%.

-----Original Message-----
From: Martin T [mailto:m4rtntns at]
Sent: Wednesday, 7 August 2013 7:13 PM
To: Paul Ferguson
Cc: nanog at
Subject: Re: questions regarding prefix hijacking

Ok. And such attacks have happened in the past? For example one could do a
pretty widespread damage for at least short period of time if it announces
for example some of the root DNS server prefixes(as long prefixes as
possible) to it's upstream provider and as upstream provider probably
prefers client traffic over it's peerings or upstreams, it will prefer
those routes by malicious ISP for all the traffic to root DNS servers?


2013/8/7, Paul Ferguson <fergdawgster at>:
> Unfortunately, it is way too easy for people to inject routes into the
> global routing system.
> I think most of the folks on the list can attest to that. :-)
> - ferg
> On Wed, Aug 7, 2013 at 1:20 AM, Martin T <m4rtntns at> wrote:
>> Hi,
>> as probably many of you know, it's possible to create a "route"
>> object to RIPE database for an address space which is allocated
>> outside the RIPE region using the RIPE-NCC-RPSL-MNT maintainer
>> object. For example an address space is from APNIC or ARIN region and
>> AS is from RIPE region. For example a LIR in RIPE region creates a
>> "route" object to RIPE database for by Turner
>> Broadcasting System) prefix without having written permission from
>> Turner Broadcasting System and as this LIR uses up-link providers who
>> create prefix filters automatically according to RADb database
>> entries, this ISP is soon able to announce this
>> prefix to Internet. This should disturb the availability of the real
>> network on Internet? Has there been such situations
>> in history? Isn't there a method against such hijacking? Or have I
>> misunderstood something and this isn't possible?
>> regards,
>> Martin
> --
> "Fergie", a.k.a. Paul Ferguson
>  fergdawgster(at)

More information about the NANOG mailing list