nanog mailing list archives
Re: Prefix hijacking, how to prevent and fix currently
From: Saku Ytti <saku () ytti fi>
Date: Sun, 31 Aug 2014 21:36:08 +0300
On (2014-08-31 14:04 -0400), Doug Madory wrote: Hi,
FWIW, this is from an IP squatting operation I came across in recent weeks. I encounter these things regularly in the course of working with BGP data - probably others do too. Usually I look up the ASN or prefix and often it has already been added to someone's spam source list. When I see that, I assume the "system is working" and move on.
Some seem to avoid BGP analysis by exposing their attack only to their target. We recently saw MSFT getting our customer's more specific announcement from 60937 originated ostensibly by 35886. No on else (~200 vantage points) was receiving this more specific. Companies who are likely target for this, like MSFT and GOOG, might want to monitor DFZ and see if they are receiving prefixes no one else is receiving. -- ++ytti
Current thread:
- Re: Prefix hijacking, how to prevent and fix currently, (continued)
- Re: Prefix hijacking, how to prevent and fix currently George, Wes (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Randy Bush (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Mark Andrews (Aug 28)
- Re: Prefix hijacking, how to prevent and fix currently Matthew Kaufman (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Rob Seastrom (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Jared Mauch (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Matthew Kaufman (Aug 31)
- Re: Prefix hijacking, how to prevent and fix currently Nick Hilliard (Aug 31)
- Re: Prefix hijacking, how to prevent and fix currently Matthew Kaufman (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Saku Ytti (Aug 31)
- Re: Prefix hijacking, how to prevent and fix currently Matthew Petach (Aug 31)