[174261] in North American Network Operators' Group


Re: Prefix hijacking, how to prevent and fix currently

daemon@ATHENA.MIT.EDU (Job Snijders)
Tue Sep 2 12:09:12 2014

X-Original-To: nanog@nanog.org
Date: Tue, 2 Sep 2014 18:08:35 +0200
From: Job Snijders <job@instituut.net>
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <CAL9jLabfDuTpyZJrw03ig85VZfUKS_4R2QvAEzFd4=NPpvaR2Q@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>, "Sriram,
 Kotikalapudi" <kotikalapudi.sriram@nist.gov>
Errors-To: nanog-bounces@nanog.org

On Tue, Sep 02, 2014 at 11:53:15AM -0400, Christopher Morrow wrote:
> On Tue, Sep 2, 2014 at 11:25 AM, Job Snijders <job@instituut.net> wrote:
>
> > What is the real damage of hijacking a prefix which is not in use?
>
> 'not in use' ... where?
> 
> What if the 'owner' of the block has the block only routed
> 'internally' (either behind gateways/firewalls/airgaps or just inside
> their ASN)? The expectation of the 'owner' is that they are using the
> space and it's not routed 'somewhere else', right?

Interesting point. A common approach is to announce such internal
prefixes and blackhole packets to and from at a border.

Alternatively they could set "AS 0" in the ROA of such 'not globally
used' prefixes.  I don't think loose mode should apply to 'AS 0' ROAs.

Kind regards,

Job
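
How an 'AS 0' ROA plays out under RFC 6811 route origin validation, as an added example that is not part of the original message: any announcement covered only by an AS 0 ROA comes out invalid, whatever its origin. The `ROA` tuple, the `validate` function, and all prefixes and AS numbers (documentation ranges) are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple


class ROA(NamedTuple):
    prefix: str
    max_length: int
    asn: int  # 0 means an "AS 0" ROA: no AS is authorized to originate


def validate(route_prefix: str, origin_asn: int, roas: List[ROA]) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route if the route is equal to or more specific
        # than the ROA prefix (same address family).
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS 0 can never match: it is not a usable origin in BGP, so an
        # AS 0 ROA only ever contributes "covered", never "valid".
        if (roa.asn != 0 and roa.asn == origin_asn
                and route.prefixlen <= roa.max_length):
            return "valid"
    return "invalid" if covered else "not-found"


# Constructed sample data: one internal-only prefix with an AS 0 ROA,
# one ordinary prefix authorized for AS 64500.
ROAS = [
    ROA("192.0.2.0/24", 24, 0),
    ROA("198.51.100.0/24", 24, 64500),
]

if __name__ == "__main__":
    for prefix, asn in [
        ("192.0.2.0/24", 64511),     # announcement of the AS 0 prefix
        ("192.0.2.128/25", 64500),   # more specific of the AS 0 prefix
        ("198.51.100.0/24", 64500),  # legitimate origin
        ("203.0.113.0/24", 64511),   # no covering ROA at all
    ]:
        print(f"{prefix} from AS{asn}: {validate(prefix, asn, ROAS)}")
```

If the holder also publishes an ordinary ROA for the same prefix, that ROA takes effect for its own AS, because a single matching ROA is enough for a valid result.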
