RE: YouTube IP Hijacking

["Tomas L. Byrnes" <tomb () byrneit net>]

This is a very interesting site. However, I notice that, in the "all in
the last 24 hours" it doesn't show the YouTube hijack. It does have a
lot of entries for 17557, most recently on 2/17.

How reliable is this system?

 

> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On 
> Behalf Of Hank Nussbacher
> Sent: Sunday, February 24, 2008 11:33 PM
> To: Steven M. Bellovin; nanog () merit edu
> Subject: Re: YouTube IP Hijacking
>
>
> At 05:31 AM 25-02-08 +0000, Steven M. Bellovin wrote:
>
> > Seriously -- a number of us have been warning that this could happen.
> > More precisely, we've been warning that this could happen 
> *again*; we 
> > all know about many older incidents, from the barely noticed to the 
> > very noisy.  (AS 7007, anyone?)  Something like S-BGP will 
> stop this cold.
> > Yes, I know there are serious deployment and operational 
> issues.  The 
> > question is this: when is the pain from routing incidents 
> great enough 
> > that we're forced to act?  It would have been nice to have done 
> > something before this, since now all the world's script kiddies have 
> > seen what can be done.
>
> "we've been warning that this could happen *again*" - this is 
> happening every day - just look to:
> http://cs.unm.edu/~karlinjf/IAR/prefix.php?filter=most
> http://cs.unm.edu/~karlinjf/IAR/subprefix.php?filter=most
> for samples.  Thing is - these prefix hijacks are not big 
> ticket sites like Youtube or Microsoft or Cisco or even 
> whitehouse.gov - but rather just sites that never make it 
> onto the NANOG radar.
>
> -Hank