nanog mailing list archives

Re: questions regarding prefix hijacking


From: Martin T <m4rtntns () gmail com>
Date: Wed, 7 Aug 2013 12:13:17 +0300

Ok. And such attacks have happened in the past? For example one could
do pretty widespread damage for at least a short period of time if it
announces for example some of the root DNS server prefixes (as long
prefixes as possible) to its upstream provider and as the upstream
provider probably prefers client traffic over its peerings or
upstreams, it will prefer those routes by the malicious ISP for all the
traffic to root DNS servers?


regards,
Martin

2013/8/7, Paul Ferguson <fergdawgster () gmail com>:
Unfortunately, it is way too easy for people to inject routes into the
global routing system.

I think most of the folks on the list can attest to that. :-)

- ferg


On Wed, Aug 7, 2013 at 1:20 AM, Martin T <m4rtntns () gmail com> wrote:

Hi,

as probably many of you know, it's possible to create a "route" object
in the RIPE database for an address space which is allocated outside the
RIPE region using the RIPE-NCC-RPSL-MNT maintainer object. For example
an address space is from the APNIC or ARIN region and the AS is from the RIPE
region. For example a LIR in the RIPE region creates a "route" object in the
RIPE database for the 157.166.266.0/24 (used by Turner Broadcasting System)
prefix without having written permission from Turner Broadcasting
System and as this LIR uses up-link providers who create prefix
filters automatically according to RADb database entries, this ISP is
soon able to announce this 157.166.266.0/24 prefix to the Internet. This
should disturb the availability of the real 157.166.266.0/24 network
on the Internet? Have there been such situations in history? Isn't there a
method against such hijacking? Or have I misunderstood something and
this isn't possible?


regards,
Martin




--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com
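
An added example, not part of the original thread: a check a provider could run before turning IRR "route" objects into prefix filters, holding for manual review any object whose registry (`source:`) differs from the RIR that allocated the address space, which is the situation described in the quoted question. The allocation table, prefixes and ASNs are constructed (documentation ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation prefixes and ASNs only.
# Hypothetical table of which RIR allocated each IPv4 block (in practice
# it would be built from the RIRs' published delegation statistics).
ALLOCATIONS = {
    "192.0.2.0/24": "RIPE",
    "198.51.100.0/24": "ARIN",
    "203.0.113.0/24": "APNIC",
}

# Constructed RPSL "route" objects, as an IRR mirror might return them.
IRR_DUMP = """\
route:   192.0.2.0/24
origin:  AS64496
source:  RIPE

route:   198.51.100.0/24
origin:  AS64497
source:  RIPE

route:   203.0.113.0/24
origin:  AS64498
source:  APNIC
"""

def parse_rpsl(text):
    """Split an RPSL dump into objects (dicts of attribute -> value)."""
    objects = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        objects.append({k.strip().lower(): v.strip() for k, _, v in pairs})
    return objects

def allocating_rir(prefix):
    """Return the RIR whose allocation covers the prefix, or None."""
    net = ipaddress.ip_network(prefix)
    for block, rir in ALLOCATIONS.items():
        if net.subnet_of(ipaddress.ip_network(block)):
            return rir
    return None

def audit(text):
    """Return (accepted, held) prefix lists for filter generation."""
    accepted, held = [], []
    for obj in parse_rpsl(text):
        rir = allocating_rir(obj["route"])
        (accepted if rir == obj["source"] else held).append(obj["route"])
    return accepted, held
```

Prefixes in the held list are kept out of the generated filter until the holder's authorization has been confirmed; a prefix with no known allocation is held as well.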


