nanog mailing list archives

RE: Prefix hijacking, how to prevent and fix currently

From: Doug Madory <dmadory () renesys com>
Date: Sun, 31 Aug 2014 15:47:40 -0400

Ah yes BusinessTorg (AS60937). I have also seen this one doing what you are describing. Not to MSFT or GOOG, but 
another major technology company that we peer with. In fact, it is going on right now but only visible if you receive 
routes directly from them. A while ago, I sent them a note describing what was happening and suggested they might want 
to stop accepting routes from that AS, but they still do.

Some seem to avoid BGP analysis by exposing their attack only to their target.
We recently saw MSFT getting our customer's more specific announcement from
60937 originated ostensibly by 35886. No on else (~200 vantage points) was
receiving this more specific.

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Current thread:

Re: Prefix hijacking, how to prevent and fix currently, (continued)
- - - Re: Prefix hijacking, how to prevent and fix currently Randy Bush (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Mark Andrews (Aug 28)
  - Re: Prefix hijacking, how to prevent and fix currently Matthew Kaufman (Aug 29)
    - Re: Prefix hijacking, how to prevent and fix currently Rob Seastrom (Aug 29)
    - Re: Prefix hijacking, how to prevent and fix currently Jared Mauch (Aug 29)
    - Re: Prefix hijacking, how to prevent and fix currently Matthew Kaufman (Aug 31)
    - Re: Prefix hijacking, how to prevent and fix currently Nick Hilliard (Aug 31)
- Re: Prefix hijacking, how to prevent and fix currently Brandon Butterworth (Aug 29)
- RE: Prefix hijacking, how to prevent and fix currently Doug Madory (Aug 31)
  - Re: Prefix hijacking, how to prevent and fix currently Saku Ytti (Aug 31)
- RE: Prefix hijacking, how to prevent and fix currently Doug Madory (Aug 31)
  - Re: Prefix hijacking, how to prevent and fix currently Matthew Petach (Aug 31)