[164874] in North American Network Operators' Group
Re: questions regarding prefix hijacking
daemon@ATHENA.MIT.EDU (Indra Pramana)
Wed Aug 7 12:32:08 2013
In-Reply-To: <b1f542a778388dd19ae2570bf16699f1@mail.gmail.com>
Date: Thu, 8 Aug 2013 00:29:45 +0800
From: Indra Pramana <indra@sg.or.id>
To: Ahad Aboss <ahad@telcoinabox.com>
Cc: nanog@nanog.org
One big happening I can recall was the AS7007 incident way back in 1997.
http://en.wikipedia.org/wiki/AS_7007_incident
Cheers.
On Wed, Aug 7, 2013 at 7:23 PM, Ahad Aboss <ahad@telcoinabox.com> wrote:
> It has happened in the past and there is no silver bullet solution to
> prevent this 100%.
>
>
> -----Original Message-----
> From: Martin T [mailto:m4rtntns@gmail.com]
> Sent: Wednesday, 7 August 2013 7:13 PM
> To: Paul Ferguson
> Cc: nanog@nanog.org
> Subject: Re: questions regarding prefix hijacking
>
> Ok. And such attacks have happened in the past? For example one could do
> pretty widespread damage for at least a short period of time if it announces
> for example some of the root DNS server prefixes (as long prefixes as
> possible) to its upstream provider and as upstream provider probably
> prefers client traffic over its peerings or upstreams, it will prefer
> those routes by malicious ISP for all the traffic to root DNS servers?
>
>
> regards,
> Martin
>
> 2013/8/7, Paul Ferguson <fergdawgster@gmail.com>:
> > Unfortunately, it is way too easy for people to inject routes into the
> > global routing system.
> >
> > I think most of the folks on the list can attest to that. :-)
> >
> > - ferg
> >
> >
> > On Wed, Aug 7, 2013 at 1:20 AM, Martin T <m4rtntns@gmail.com> wrote:
> >
> >> Hi,
> >>
> >> as probably many of you know, it's possible to create a "route"
> >> object to RIPE database for an address space which is allocated
> >> outside the RIPE region using the RIPE-NCC-RPSL-MNT maintainer
> >> object. For example an address space is from APNIC or ARIN region and
> >> AS is from RIPE region. For example a LIR in RIPE region creates a
> >> "route" object to RIPE database for 157.166.266.0/24 (used by Turner
> >> Broadcasting System) prefix without having written permission from
> >> Turner Broadcasting System and as this LIR uses up-link providers who
> >> create prefix filters automatically according to RADb database
> >> entries, this ISP is soon able to announce this 157.166.266.0/24
> >> prefix to Internet. This should disturb the availability of the real
> >> 157.166.266.0/24 network on Internet? Have there been such situations
> >> in history? Isn't there a method against such hijacking? Or have I
> >> misunderstood something and this isn't possible?
> >>
> >>
> >> regards,
> >> Martin
> >>
> >
> >
> >
> > --
> > "Fergie", a.k.a. Paul Ferguson
> > fergdawgster(at)gmail.com
> >
>
>
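
An added example, not part of the thread: one check an upstream could apply when it builds customer prefix filters automatically from IRR "route" objects, as described in the quoted question. It assumes the filter builder holds a list of blocks delegated by the registry that operates the IRR source (`IN_REGION`, hypothetical); the RPSL objects are constructed samples using documentation prefixes and a documentation ASN, plus the prefix exactly as written in the original post.

```python
import ipaddress

# Constructed inputs for illustration; not real registry data.
IN_REGION = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical delegated space
IRR_DUMP = """\
route:   198.51.100.0/25
origin:  AS64496
source:  RIPE

route:   203.0.113.0/24
origin:  AS64496
source:  RIPE

route:   157.166.266.0/24
origin:  AS64496
source:  RIPE
"""

def parse_route_objects(text):
    """Split an RPSL dump (blank-line separated objects) into attribute dicts."""
    objects = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip().lower()] = value.strip()
        if "route" in attrs:
            objects.append(attrs)
    return objects

def build_filter(objects, customer_as, in_region):
    """Return (accepted prefixes, rejected (prefix, reason) pairs) for one customer AS."""
    accepted, rejected = [], []
    for obj in objects:
        raw = obj["route"]
        if obj.get("origin", "").upper() != customer_as:
            continue  # route object registered for a different origin AS
        try:
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError:
            # e.g. the prefix as written in the post: 266 is not a valid octet
            rejected.append((raw, "malformed prefix"))
            continue
        if any(net.version == b.version and net.subnet_of(b) for b in in_region):
            accepted.append(str(net))
        else:
            rejected.append((raw, "outside space delegated by source registry"))
    return accepted, rejected
```

Rejected entries are better queued for manual review against the address holder's authorization than silently dropped, since a customer may legitimately route space from another region.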