nanog mailing list archives
Re: Prefix Hijack Tool Comaprision
From: Jack Bates <jbates () brightok net>
Date: Thu, 13 Nov 2008 14:33:06 -0600
Todd Underwood wrote:
i said that *this* hijacking took place in an insignificant corner of the internet. i mean this AS-map wise rather than geographically. this hijacking didn't even spread beyond one or two ASes, one of whomjust happened to be a RIPE RIS peer.
Yet for someone monitoring from their own perspective, what matters to them is what their own AS is seeing. If a hijacking makes it to their AS, they want to be concerned.
real hijackings leak into dozens or hundreds or thousands of ASNs. they spread far and wide. that's why people carry them out, when they do. this one was stopped in its tracks in a very small portion of onecorner of the AS graph.
Wasn't there a dns hijack not long ago that only had the scope of one ISP (who just happened to be extremely large and carried a bunch of cell phones)? Just because a hijack only covers a small portion of the net doesn't make it any less effective. This is why we push to get as many access controls as far out to the edge as possible. If it only effects the person who tries it, then it has no bearing.
as such, i don't count it as a hijacking or leak of any great significance and wouldn't want to alert anyone about it. that's why i recommend that prefix hijacking detection systems do thresholding of peers to prevent a single, rogue, unrepresentative peer from reporting a hijacking when none is really happening. others may have a different approach, but without thresholding prefix alert systems can be noisy and more trouble than they are worth.
Thresholds might be important, but different mileage, yada yada. Jack
Current thread:
- Prefix Hijack Tool Comaprision Scott Weeks (Nov 13)
- Re: Prefix Hijack Tool Comaprision Hank Nussbacher (Nov 13)
- Re: Prefix Hijack Tool Comaprision Todd Underwood (Nov 13)
- <Possible follow-ups>
- Re: Prefix Hijack Tool Comaprision Scott Weeks (Nov 13)
- Re: Prefix Hijack Tool Comaprision Alexander Harrowell (Nov 13)
- Re: Prefix Hijack Tool Comaprision Todd Underwood (Nov 13)
- Re: Prefix Hijack Tool Comaprision Jack Bates (Nov 13)
- Re: Prefix Hijack Tool Comaprision Danny McPherson (Nov 13)
- Re: Prefix Hijack Tool Comaprision Andree Toonk (Nov 17)
- Re: Prefix Hijack Tool Comaprision Todd Underwood (Nov 13)
- Re: Prefix Hijack Tool Comaprision Alexander Harrowell (Nov 13)
- Re: Prefix Hijack Tool Comaprision Martin List-Petersen (Nov 13)
- Re: Prefix Hijack Tool Comaprision Mohit Lad (Nov 13)
- Re: Prefix Hijack Tool Comaprision Josh Karlin (Nov 13)
- Re: Prefix Hijack Tool Comaprision Hank Nussbacher (Nov 13)