[164884] in North American Network Operators' Group
Re: questions regarding prefix hijacking
daemon@ATHENA.MIT.EDU (Mark Andrews)
Wed Aug 7 20:19:52 2013
To: Marsh Ray <maray@microsoft.com>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Wed, 07 Aug 2013 21:47:26 +0000."
<bd2d7aeac3fa49afa090e4869977d227@BLUPR03MB166.namprd03.prod.outlook.com>
Date: Thu, 08 Aug 2013 10:19:01 +1000
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In message <bd2d7aeac3fa49afa090e4869977d227@BLUPR03MB166.namprd03.prod.outlook
.com>, Marsh Ray writes:
> > From: Christopher Morrow
> > Sent: Wednesday, August 7, 2013 2:06 PM
> >
> > On Wed, Aug 7, 2013 at 4:59 PM, Marsh Ray <maray@microsoft.com> wrote:
> > >
> > > It would be incredibly useful for someone to start a page or a
> > > category on
> > > Wikipedia "List of Internet Routing and DNS Incidents" that would
> > > include
> > > both "accidental" and malicious events.
> >
> > do we really need that?
>
> Have you ever heard of someone using IP addresses as an access control
> mechanism? (AKA, "IP whitelist")
Yes. I've even had to configure my DHCP client to auto generate requests
to get the whitelist updated when my ISP gives my cable modem a new address.
They are used all the time to allow access to DNS servers. If fact we
ship nameservers where the default setting whitelist particular sets
of clients (directly connected) by default.
> When I hear about this, I would really *love* to be able to link them to
> a credible source.
>
> > they seem to occur often enough that that isn't really required :(
>
> *I* believe you, but in practice that's not sufficient to convince many
> other folks.
> Currently, a section of a page on Wikipedia lists 7 incidents going back
> to 1997.
> http://en.wikipedia.org/wiki/IP_hijacking#Public_incidents
>
> Serious question: Do folks here feel that is an accurate representation
> of this phenomenon in practice?
>
> - Marsh
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
