nanog mailing list archives

RE: questions regarding prefix hijacking

From: Ahad Aboss <ahad () telcoinabox com>
Date: Wed, 7 Aug 2013 21:23:49 +1000

It has happened in the past and there is no silver bullet solution to
prevent this 100%.

-----Original Message-----
From: Martin T [mailto:m4rtntns () gmail com]
Sent: Wednesday, 7 August 2013 7:13 PM
To: Paul Ferguson
Cc: nanog () nanog org
Subject: Re: questions regarding prefix hijacking

Ok. And such attacks have happened in the past? For example one could do a
pretty widespread damage for at least short period of time if it announces
for example some of the root DNS server prefixes(as long prefixes as
possible) to it's upstream provider and as upstream provider probably
prefers client traffic over it's peerings or upstreams, it will prefer
those routes by malicious ISP for all the traffic to root DNS servers?

regards,
Martin

2013/8/7, Paul Ferguson <fergdawgster () gmail com>:

Unfortunately, it is way too easy for people to inject routes into the
global routing system.

I think most of the folks on the list can attest to that. :-)

- ferg


On Wed, Aug 7, 2013 at 1:20 AM, Martin T <m4rtntns () gmail com> wrote:

Hi,

as probably many of you know, it's possible to create a "route"
object to RIPE database for an address space which is allocated
outside the RIPE region using the RIPE-NCC-RPSL-MNT maintainer
object. For example an address space is from APNIC or ARIN region and
AS is from RIPE region. For example a LIR in RIPE region creates a
"route" object to RIPE database for 157.166.266.0/24(used by Turner
Broadcasting System) prefix without having written permission from
Turner Broadcasting System and as this LIR uses up-link providers who
create prefix filters automatically according to RADb database
entries, this ISP is soon able to announce this 157.166.266.0/24
prefix to Internet. This should disturb the availability of the real
157.166.266.0/24 network on Internet? Has there been such situations
in history? Isn't there a method against such hijacking? Or have I
misunderstood something and this isn't possible?


regards,
Martin




--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com

Current thread:

Re: questions regarding prefix hijacking, (continued)
- - - Re: questions regarding prefix hijacking Valdis . Kletnieks (Aug 07)
    - RE: questions regarding prefix hijacking Marsh Ray (Aug 07)
    - Re: questions regarding prefix hijacking Christopher Morrow (Aug 07)
    - RE: questions regarding prefix hijacking Marsh Ray (Aug 07)
    - Re: questions regarding prefix hijacking Alexander Neilson (Aug 07)
    - Re: questions regarding prefix hijacking Mark Andrews (Aug 07)
    - Re: questions regarding prefix hijacking Carlos Martinez-Cagnazzo (Aug 08)
    - Re: questions regarding prefix hijacking Martin T (Aug 08)
    - Re: questions regarding prefix hijacking Saku Ytti (Aug 08)
    - Message not available
    - Re: questions regarding prefix hijacking Larry Sheldon (Aug 07)
    - RE: questions regarding prefix hijacking Ahad Aboss (Aug 07)
    - Re: questions regarding prefix hijacking Indra Pramana (Aug 07)
- Re: questions regarding prefix hijacking Saku Ytti (Aug 07)
  - Re: questions regarding prefix hijacking Paul Ferguson (Aug 07)
    - Re: questions regarding prefix hijacking Mark Andrews (Aug 07)
- Re: questions regarding prefix hijacking Paul Donner (Aug 07)