[167284] in North American Network Operators' Group


Re: Someone’s Been Siphoning Data

daemon@ATHENA.MIT.EDU (Stephane Bortzmeyer)
Fri Dec 6 15:06:12 2013

Date: Fri, 6 Dec 2013 20:57:39 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <9609A22F-5397-4084-8162-146321E7465E@puck.nether.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Fri, Dec 06, 2013 at 01:05:54PM -0500,
 Jared Mauch <jared@puck.nether.net> wrote 
 a message of 36 lines which said:

> I've detected 11.6 million of these events since 2008 just looking at the
> route-views data.  Most recently the past two days 701 has done a large MITM of
> traffic.

The big novelty in the Renesys paper is the proof (with traceroute)
that there was a return path, something which did not exist in the
famous Pakistan Telecom case, or in most (all?) other BGP
hijackings. This return path allows the attacker to really get access
to the data with little chance of the victim noticing. That's
something new.

