nanog mailing list archives
Re: YouTube IP Hijacking
From: "Josh Karlin" <karlinjf () cs unm edu>
Date: Mon, 25 Feb 2008 11:38:41 -0700
Tomas: It's primarily a proof of concept site, to show that such an idea would be useful, but it has been running for over a year now and discovered many interesting hijacks (such as eBay/google/etc..). You're right that there is a glaring ommission, which is yesterday's youtube hijack. This is due to a bug in the sub-prefix lookup code (which can cause the IAR to miss some sub-prefix hijacks), which I'm currently fixing. Once that is done I'll rerun the IAR over yesterday's logs and it will show up. Josh On Mon, Feb 25, 2008 at 10:37 AM, Tomas L. Byrnes <tomb () byrneit net> wrote:
This is a very interesting site. However, I notice that, in the "all in the last 24 hours" it doesn't show the YouTube hijack. It does have a lot of entries for 17557, most recently on 2/17. How reliable is this system?-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Hank Nussbacher Sent: Sunday, February 24, 2008 11:33 PM To: Steven M. Bellovin; nanog () merit edu Subject: Re: YouTube IP Hijacking At 05:31 AM 25-02-08 +0000, Steven M. Bellovin wrote:Seriously -- a number of us have been warning that this could happen. More precisely, we've been warning that this could happen*again*; weall know about many older incidents, from the barely noticed to the very noisy. (AS 7007, anyone?) Something like S-BGP willstop this cold.Yes, I know there are serious deployment and operationalissues. Thequestion is this: when is the pain from routing incidentsgreat enoughthat we're forced to act? It would have been nice to have done something before this, since now all the world's script kiddies have seen what can be done."we've been warning that this could happen *again*" - this is happening every day - just look to: http://cs.unm.edu/~karlinjf/IAR/prefix.php?filter=most<http://cs.unm.edu/%7Ekarlinjf/IAR/prefix.php?filter=most> http://cs.unm.edu/~karlinjf/IAR/subprefix.php?filter=most<http://cs.unm.edu/%7Ekarlinjf/IAR/subprefix.php?filter=most> for samples. Thing is - these prefix hijacks are not big ticket sites like Youtube or Microsoft or Cisco or even whitehouse.gov - but rather just sites that never make it onto the NANOG radar. -Hank
Current thread:
- Re: YouTube IP Hijacking, (continued)
- Re: YouTube IP Hijacking Patrick W. Gilmore (Feb 24)
- Re: YouTube IP Hijacking Sean Donelan (Feb 24)
- Re: YouTube IP Hijacking Steven M. Bellovin (Feb 25)
- Secure BGP (Was: YouTube IP Hijacking) michael.dillon (Feb 25)
- Re: Secure BGP (Was: YouTube IP Hijacking) Jeroen Massar (Feb 25)
- Re: Secure BGP (Was: YouTube IP Hijacking) Sandy Murphy (Feb 25)
- Re: YouTube IP Hijacking Scott Francis (Feb 25)
- Re: YouTube IP Hijacking Hank Nussbacher (Feb 25)
- Re: YouTube IP Hijacking Patrick W. Gilmore (Feb 25)
- RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 25)
- Re: YouTube IP Hijacking Josh Karlin (Feb 25)
- [admin] [summary] RE: YouTube IP Hijacking Alex Pilosov (Feb 25)
- Re: [admin] [summary] RE: YouTube IP Hijacking Danny McPherson (Feb 25)
- Re: [admin] [summary] RE: YouTube IP Hijacking Alex Pilosov (Feb 25)
- Re: [admin] [summary] RE: YouTube IP Hijacking Danny McPherson (Feb 25)
- Re: [admin] [summary] RE: YouTube IP Hijacking Danny McPherson (Feb 25)
- RE: [admin] [summary] RE: YouTube IP Hijacking Barry Greene (bgreene) (Feb 25)
- Re: [admin] [summary] RE: YouTube IP Hijacking Arnd Vehling (Feb 26)
- Re: [admin] [summary] RE: YouTube IP Hijacking Leo Vegoda (Feb 26)
- Re: [admin] [summary] RE: YouTube IP Hijacking Arnd Vehling (Feb 26)
- Re: [admin] [summary] RE: YouTube IP Hijacking Adrian Chadd (Feb 25)