questions regarding prefix hijacking

Indra Pramana indra at sg.or.id
Wed Aug 7 16:29:45 UTC 2013


One big happening I can recall was the AS7007 incident way back in 1997.

http://en.wikipedia.org/wiki/AS_7007_incident

Cheers.



On Wed, Aug 7, 2013 at 7:23 PM, Ahad Aboss <ahad at telcoinabox.com> wrote:

> It has happened in the past and there is no silver bullet solution to
> prevent this 100%.
>
>
> -----Original Message-----
> From: Martin T [mailto:m4rtntns at gmail.com]
> Sent: Wednesday, 7 August 2013 7:13 PM
> To: Paul Ferguson
> Cc: nanog at nanog.org
> Subject: Re: questions regarding prefix hijacking
>
> Ok. And such attacks have happened in the past? For example one could do
> pretty widespread damage for at least a short period of time if it announces
> for example some of the root DNS server prefixes (as long prefixes as
> possible) to its upstream provider and as upstream provider probably
> prefers client traffic over its peerings or upstreams, it will prefer
> those routes by malicious ISP for all the traffic to root DNS servers?
>
>
> regards,
> Martin
>
> 2013/8/7, Paul Ferguson <fergdawgster at gmail.com>:
> > Unfortunately, it is way too easy for people to inject routes into the
> > global routing system.
> >
> > I think most of the folks on the list can attest to that. :-)
> >
> > - ferg
> >
> >
> > On Wed, Aug 7, 2013 at 1:20 AM, Martin T <m4rtntns at gmail.com> wrote:
> >
> >> Hi,
> >>
> >> as probably many of you know, it's possible to create a "route"
> >> object to RIPE database for an address space which is allocated
> >> outside the RIPE region using the RIPE-NCC-RPSL-MNT maintainer
> >> object. For example an address space is from APNIC or ARIN region and
> >> AS is from RIPE region. For example a LIR in RIPE region creates a
> >> "route" object to RIPE database for 157.166.266.0/24 (used by Turner
> >> Broadcasting System) prefix without having written permission from
> >> Turner Broadcasting System and as this LIR uses up-link providers who
> >> create prefix filters automatically according to RADb database
> >> entries, this ISP is soon able to announce this 157.166.266.0/24
> >> prefix to the Internet. This should disturb the availability of the real
> >> 157.166.266.0/24 network on the Internet? Have there been such situations
> >> in history? Isn't there a method against such hijacking? Or have I
> >> misunderstood something and this isn't possible?
> >>
> >>
> >> regards,
> >> Martin
> >>
> >
> >
> >
> > --
> > "Fergie", a.k.a. Paul Ferguson
> >  fergdawgster(at)gmail.com
> >
>
>
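
The out-of-region registration described in the original question, seen from the side of an upstream that builds prefix filters from IRR data. This is an added example, not part of the thread: a filter builder that accepts a "route" object only when the registry holding it is also the one that allocated the address space, and holds everything else for manual verification. The allocation table, the sample objects (documentation prefixes and ASNs) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed allocation table (documentation prefixes, not real RIR data):
# covering block -> registry that allocated it.
ALLOCATIONS = {ipaddress.ip_network(p): r for p, r in [
    ("192.0.2.0/24", "RIPE"), ("198.51.100.0/24", "ARIN")]}

# Constructed RPSL "route" objects, all registered in the RIPE database.
SAMPLE_IRR = """\
route:   192.0.2.0/24
origin:  AS64496
source:  RIPE

route:   198.51.100.0/24
origin:  AS64496
source:  RIPE

route:   198.51.300.0/24
origin:  AS64496
source:  RIPE
"""

def parse_objects(text):
    """Yield one dict per blank-line-separated RPSL object."""
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":")[::2] for line in block.splitlines())
        yield {k.strip().lower(): v.strip() for k, v in pairs}

def build_filter(text):
    """Accept in-region route objects; hold the rest for manual review."""
    accepted, held = [], []
    for obj in parse_objects(text):
        route, source = obj.get("route", ""), obj.get("source")
        try:
            net = ipaddress.ip_network(route)
        except ValueError:
            held.append((route, "malformed prefix"))
            continue
        # Registry that allocated the covering block, None if unknown.
        registry = next((r for b, r in ALLOCATIONS.items()
                         if b.version == net.version and net.subnet_of(b)), None)
        if registry is not None and registry == source:
            accepted.append((str(net), obj.get("origin")))
        else:
            held.append((str(net), f"allocated by {registry}, object in {source}"))
    return accepted, held
```

Held entries are the ones where the customer should be asked for written authorization from the address holder before the prefix goes into the filter.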

