nanog mailing list archives
Re: Prefix hijacking, how to prevent and fix currently
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 2 Sep 2014 11:53:15 -0400
On Tue, Sep 2, 2014 at 11:25 AM, Job Snijders <job () instituut net> wrote:
On Tue, Sep 02, 2014 at 03:08:28PM +0000, Sriram, Kotikalapudi wrote:The example that I gave was not that. In my example, C has legitimate ownership of the less specific (e.g., 192.0.2.0/23). D is malicious and attempting to hijack a subprefix (e.g., 192.0.2.0/24). Importantly, C has a created a ROA for 192.0.2.0/23 only to protect its address space, but currently *does not advertise* this prefix or any part of it. So D's more specific announcement (hijack) is 'Invalid' in this scenario, but the 'Loose' mode operation would accept/install D's route. Am I right about that? If yes, that is the side effect or CON that I was trying to highlight.You are right in your observation. What is the real damage of hijacking a prefix which is not in use?
'not in use' ... where? What if the 'owner' of the block has the block only routed 'internally' (either behind gateways/firewalls/airgaps or just inside their ASN) The expectation of the 'owner' is that they are using the space and it's not routed 'somewhere else', right? -chris
Current thread:
- Re: Prefix hijacking, how to prevent and fix currently Tarun Dua (Sep 01)
- Re: Prefix hijacking, how to prevent and fix currently Anurag Bhatia (Sep 01)
- Re: Prefix hijacking, how to prevent and fix currently Saku Ytti (Sep 01)
- <Possible follow-ups>
- Re: Prefix hijacking, how to prevent and fix currently Sriram, Kotikalapudi (Sep 01)
- Re: Prefix hijacking, how to prevent and fix currently Saku Ytti (Sep 01)
- RE: Prefix hijacking, how to prevent and fix currently Sriram, Kotikalapudi (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Job Snijders (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Christopher Morrow (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Job Snijders (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Christopher Morrow (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Job Snijders (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Ca By (Sep 03)
- Re: Prefix hijacking, how to prevent and fix currently Andree Toonk (Sep 03)
- Re: Prefix hijacking, how to prevent and fix currently Doug Madory (Sep 05)