[93370] in North American Network Operators' Group
Re: odd hijack
daemon@ATHENA.MIT.EDU (Nick Feamster)
Fri Nov 10 12:01:35 2006
Date: Fri, 10 Nov 2006 11:55:19 -0500
From: Nick Feamster <feamster@cc.gatech.edu>
To: steve@telecomplete.co.uk
Cc: Josh Karlin <karlinjf@cs.unm.edu>,
Hank Nussbacher <hank@efes.iucc.ac.il>, nanog@nanog.org
In-Reply-To: <20061110110102.GU16437@mail4.tck.telecomplete.net>
Errors-To: owner-nanog@merit.edu
On Fri, Nov 10, 2006 at 11:01:02AM +0000, steve@telecomplete.co.uk wrote:
>
> the preso link is below, you didnt read it yet.. :)
>
> you can hijack any address space providing your route is preferred either because it is more specific, less specific, shorter as-path..
Slides 13-15 of our Feb 2006 NANOG talk show examples of this and describe the
motivation.
The technique us also described in detail in our SIGCOMM paper, along with
several other observations about why doing things like looking at "uncommon
origin ASes" to detect a determined hijacker is unlikely to ever be successful
at detecting a malicious hijack (as opposed to a misconfiguration).
-Nick
