questions regarding prefix hijacking

Ahad Aboss ahad at telcoinabox.com
Wed Aug 7 11:23:49 UTC 2013


It has happened in the past and there is no silver bullet solution to
prevent this 100%.


-----Original Message-----
From: Martin T [mailto:m4rtntns at gmail.com]
Sent: Wednesday, 7 August 2013 7:13 PM
To: Paul Ferguson
Cc: nanog at nanog.org
Subject: Re: questions regarding prefix hijacking

Ok. And such attacks have happened in the past? For example one could do
pretty widespread damage for at least a short period of time if it announces
for example some of the root DNS server prefixes (as long prefixes as
possible) to its upstream provider and as upstream provider probably
prefers client traffic over its peerings or upstreams, it will prefer
those routes by malicious ISP for all the traffic to root DNS servers?


regards,
Martin

2013/8/7, Paul Ferguson <fergdawgster at gmail.com>:
> Unfortunately, it is way too easy for people to inject routes into the
> global routing system.
>
> I think most of the folks on the list can attest to that. :-)
>
> - ferg
>
>
> On Wed, Aug 7, 2013 at 1:20 AM, Martin T <m4rtntns at gmail.com> wrote:
>
>> Hi,
>>
>> as probably many of you know, it's possible to create a "route"
>> object to RIPE database for an address space which is allocated
>> outside the RIPE region using the RIPE-NCC-RPSL-MNT maintainer
>> object. For example an address space is from APNIC or ARIN region and
>> AS is from RIPE region. For example a LIR in RIPE region creates a
>> "route" object to RIPE database for 157.166.266.0/24 (used by Turner
>> Broadcasting System) prefix without having written permission from
>> Turner Broadcasting System and as this LIR uses up-link providers who
>> create prefix filters automatically according to RADb database
>> entries, this ISP is soon able to announce this 157.166.266.0/24
>> prefix to Internet. This should disturb the availability of the real
>> 157.166.266.0/24 network on Internet? Have there been such situations
>> in history? Isn't there a method against such hijacking? Or have I
>> misunderstood something and this isn't possible?
>>
>>
>> regards,
>> Martin
>>
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  fergdawgster(at)gmail.com
>
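
One check an upstream could apply when it generates customer prefix filters from IRR data, shown as an added example that is not part of this thread or any poster's code: admit a "route" object only when it is registered in the database of the registry that allocated the address space. The allocation table, AS numbers and prefixes are constructed (RFC 5737 / RFC 5398 documentation values), and the check is a partial measure that assumes the allocation data is trustworthy.

```python
import ipaddress

# Constructed allocation table (assumption): address block -> allocating registry.
ALLOCATIONS = {
    "192.0.2.0/24": "RIPE",
    "198.51.100.0/24": "ARIN",
    "203.0.113.0/24": "APNIC",
}

# Constructed IRR "route" objects: (prefix, origin AS, database holding the object).
ROUTE_OBJECTS = [
    ("192.0.2.0/25", "AS64500", "RIPE"),     # in-region object
    ("198.51.100.0/24", "AS64500", "RIPE"),  # out-of-region object, the case asked about
    ("203.0.113.0/24", "AS64501", "APNIC"),  # belongs to a different customer
    ("10.999.0.0/24", "AS64500", "RIPE"),    # malformed prefix
]

def authoritative_registry(prefix):
    """Return the registry whose allocation covers prefix, or None."""
    net = ipaddress.ip_network(prefix, strict=True)  # ValueError if malformed
    for block, registry in ALLOCATIONS.items():
        if net.subnet_of(ipaddress.ip_network(block)):
            return registry
    return None

def build_prefix_filter(route_objects, customer_as):
    """Split a customer's route objects into accepted prefixes and rejections."""
    accepted, rejected = [], []
    for prefix, origin, source in route_objects:
        if origin != customer_as:
            continue  # not this customer's object
        try:
            registry = authoritative_registry(prefix)
        except ValueError:
            rejected.append((prefix, "malformed prefix"))
            continue
        if registry is None:
            rejected.append((prefix, "no known allocation"))
        elif registry != source:
            rejected.append((prefix, f"object in {source}, space allocated by {registry}"))
        else:
            accepted.append(prefix)
    return accepted, rejected

if __name__ == "__main__":
    print(build_prefix_filter(ROUTE_OBJECTS, "AS64500"))
```

Rejected entries are the ones to review by hand before anything reaches the router's prefix list.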


