nanog mailing list archives
RE: Prefix hijacking, how to prevent and fix currently
From: Doug Madory <dmadory () renesys com>
Date: Sun, 31 Aug 2014 15:47:40 -0400
Ah yes BusinessTorg (AS60937). I have also seen this one doing what you are describing. Not to MSFT or GOOG, but another major technology company that we peer with. In fact, it is going on right now but only visible if you receive routes directly from them. A while ago, I sent them a note describing what was happening and suggested they might want to stop accepting routes from that AS, but they still do.
Some seem to avoid BGP analysis by exposing their attack only to their target. We recently saw MSFT getting our customer's more specific announcement from 60937 originated ostensibly by 35886. No on else (~200 vantage points) was receiving this more specific.
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Re: Prefix hijacking, how to prevent and fix currently, (continued)
- Re: Prefix hijacking, how to prevent and fix currently Randy Bush (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Mark Andrews (Aug 28)
- Re: Prefix hijacking, how to prevent and fix currently Matthew Kaufman (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Rob Seastrom (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Jared Mauch (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Matthew Kaufman (Aug 31)
- Re: Prefix hijacking, how to prevent and fix currently Nick Hilliard (Aug 31)
- Re: Prefix hijacking, how to prevent and fix currently Matthew Kaufman (Aug 29)
- Re: Prefix hijacking, how to prevent and fix currently Brandon Butterworth (Aug 29)
- RE: Prefix hijacking, how to prevent and fix currently Doug Madory (Aug 31)
- Re: Prefix hijacking, how to prevent and fix currently Saku Ytti (Aug 31)
- RE: Prefix hijacking, how to prevent and fix currently Doug Madory (Aug 31)
- Re: Prefix hijacking, how to prevent and fix currently Matthew Petach (Aug 31)