nanog mailing list archives

Re: odd hijack

From: steve () telecomplete co uk
Date: Fri, 10 Nov 2006 11:01:02 +0000


the preso link is below, you didnt read it yet.. :)

you can hijack any address space providing your route is preferred either because it is more specific, less specific, 
shorter as-path.. 

Steve

On Thu, Nov 09, 2006 at 10:59:20PM -0700, Josh Karlin wrote:


Wouldn't they want to hijack more specifics to spam?  I doubt much of
that space is going to correctly route for spamming purposes.

On 11/9/06, Hank Nussbacher <hank () efes iucc ac il> wrote:


On Thu, 9 Nov 2006, Josh Karlin wrote:

Here is one that is somewhat the opposite, the AS announced a
significant portion of IANA allocated space.  Note, they are large
blocks and as such probably did not cause much damage because most
networks announce more specifics.  My question to the community is,
what kind of misconfiguration could cause this set of prefixes to be
announced?   I asked the AS responsible, but have not had a response.


Misconfiguration? :-)  That's a nice word for spammer.  See Joe's PPT at:
http://www.uoregon.edu/~joe/maawg8/maawg8.ppt

AS29449 is not the problem.  It is the upstreams of AS5602 (KPNQwest
Italia) and AS286 (KPN) that let this crap leak.

-Hank Nussbacher
http://www.interall.co.il


-- 
Stephen J. Wilcox
BSc (Hons).  CCIE #10730
Technical Director, Telecomplete
http://www.telecomplete.co.uk/

Current thread:

odd hijack Josh Karlin (Nov 09)
- Re: odd hijack Hank Nussbacher (Nov 09)
  - Re: odd hijack Josh Karlin (Nov 09)
    - Re: odd hijack Hank Nussbacher (Nov 10)
    - Re: odd hijack steve (Nov 10)
    - Re: odd hijack Nick Feamster (Nov 10)
    - Re: odd hijack Randy Bush (Nov 10)
    - Re: odd hijack Josh Karlin (Nov 10)
    - Re: odd hijack Randy Bush (Nov 10)
    - Re: odd hijack Nick Feamster (Nov 10)
  - Re: odd hijack Nick Feamster (Nov 10)
- Re: odd hijack Michael . Dillon (Nov 10)