Re: questions regarding prefix hijacking

[Mark Andrews <marka () isc org>]

In message <bd2d7aeac3fa49afa090e4869977d227 () BLUPR03MB166 namprd03 prod.outlook
.com>, Marsh Ray writes:
> > From: Christopher Morrow
> > Sent: Wednesday, August 7, 2013 2:06 PM
> >
> > On Wed, Aug 7, 2013 at 4:59 PM, Marsh Ray <maray () microsoft com> wrote:
> > > It would be incredibly useful for someone to start a page or a
> > > category on
> > > Wikipedia "List of Internet Routing and DNS Incidents" that would
> > > include
> > > both "accidental" and malicious events.
> >
> > do we really need that?
>
> Have you ever heard of someone using IP addresses as an access control
> mechanism? (AKA, "IP whitelist")

Yes.  I've even had to configure my DHCP client to auto generate requests
to get the whitelist updated when my ISP gives my cable modem a new address.

They are used all the time to allow access to DNS servers.  If fact we
ship nameservers where the default setting whitelist particular sets
of clients (directly connected) by default.

> When I hear about this, I would really *love* to be able to link them to
> a credible source.
>
> > they seem to occur often enough that that isn't really required :(
>
> *I* believe you, but in practice that's not sufficient to convince many
> other folks.
> Currently, a section of a page on Wikipedia lists 7 incidents going back
> to 1997.
> http://en.wikipedia.org/wiki/IP_hijacking#Public_incidents
>
> Serious question: Do folks here feel that is an accurate representation
> of this phenomenon in practice?
>
> - Marsh
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org