[164868] in North American Network Operators' Group


Re: questions regarding prefix hijacking

daemon@ATHENA.MIT.EDU (Paul Ferguson)
Wed Aug 7 06:07:48 2013

In-Reply-To: <CAJx5YvF0K_aM3Kb46RLWU3g9BKXgqCyrq_atG+WRkJLcKoshhQ@mail.gmail.com>
Date: Wed, 7 Aug 2013 03:07:04 -0700
From: Paul Ferguson <fergdawgster@gmail.com>
To: Martin T <m4rtntns@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, Aug 7, 2013 at 2:13 AM, Martin T <m4rtntns@gmail.com> wrote:

> Ok. And such attacks have happened in the past? For example, one could
> do pretty widespread damage for at least a short period of time if it
> announces, for example, some of the root DNS server prefixes (as long
> prefixes as possible) to its upstream provider and, as the upstream
> provider probably prefers client traffic over its peerings or
> upstreams, it will prefer those routes by the malicious ISP for all the
> traffic to root DNS servers?
>
>

Historically, most prefix hijacks have been accidental, generally due
to configuration error -- for instance:

http://www.renesys.com/2008/02/pakistan-hijacks-youtube-1/

Having said that, there are quite a few documented cases of it being
done intentionally, and for nefarious purposes.

- ferg



-- 
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com

