Prefix hijacking, how to prevent and fix currently

Christopher Morrow morrowc.lists at gmail.com
Tue Sep 2 16:51:14 UTC 2014


On Tue, Sep 2, 2014 at 12:08 PM, Job Snijders <job at instituut.net> wrote:
> On Tue, Sep 02, 2014 at 11:53:15AM -0400, Christopher Morrow wrote:
>> On Tue, Sep 2, 2014 at 11:25 AM, Job Snijders <job at instituut.net> wrote:
>>
>> > What is the real damage of hijacking a prefix which is not in use?
>>
>> 'not in use' ... where?
>>
>> What if the 'owner' of the block has the block only routed
>> 'internally' (either behind gateways/firewalls/airgaps or just inside
>> their ASN) The expectation of the 'owner' is that they are using the
>> space and it's not routed 'somewhere else', right?
>
> Interesting point. A common approach is to announce such internal
> prefixes and blackhole packets to and from at a border.

there are lots of belts/suspenders ways to fix this, yes.

> Alternatively they could set "AS 0" in the ROA of such 'not globally
> used' prefixes.  I don't think loose mode should apply to 'AS 0' ROAs.

ok

