questions regarding prefix hijacking

Mark Andrews marka at isc.org
Thu Aug 8 00:19:01 UTC 2013


In message <bd2d7aeac3fa49afa090e4869977d227 at BLUPR03MB166.namprd03.prod.outlook
.com>, Marsh Ray writes:
> > From: Christopher Morrow
> > Sent: Wednesday, August 7, 2013 2:06 PM
> >
> > On Wed, Aug 7, 2013 at 4:59 PM, Marsh Ray <maray at microsoft.com> wrote:
> > >
> > > It would be incredibly useful for someone to start a page or a
> > > category on
> > > Wikipedia "List of Internet Routing and DNS Incidents" that would
> > > include
> > > both "accidental" and malicious events.
> >
> > do we really need that?
>
> Have you ever heard of someone using IP addresses as an access control
> mechanism? (AKA, "IP whitelist")

Yes.  I've even had to configure my DHCP client to auto generate requests
to get the whitelist updated when my ISP gives my cable modem a new address.

They are used all the time to allow access to DNS servers.  If fact we
ship nameservers where the default setting whitelist particular sets
of clients (directly connected) by default.

> When I hear about this, I would really *love* to be able to link them to
> a credible source.
>
> > they seem to occur often enough that that isn't really required :(
>
> *I* believe you, but in practice that's not sufficient to convince many
> other folks.
> Currently, a section of a page on Wikipedia lists 7 incidents going back
> to 1997.
> http://en.wikipedia.org/wiki/IP_hijacking#Public_incidents
>
> Serious question: Do folks here feel that is an accurate representation
> of this phenomenon in practice?
>
> - Marsh
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the NANOG mailing list