I thought I'd toss in a few comments, considering it's my fault that few people are understanding this thing yet.
On Thu, Aug 28, 2008 at 2:28 PM, Gadi Evron <ge@linuxbox.org> wrote:
People (especially spammers) have been hijacking networks for a while
I'd like to 'clear the air' here. Clearly, I failed at Defcon, WIRED, AFP, and Forbes. We all know sub-prefix hijacking is not news. What is news? Using as-path loop detection to selectively blackhole the hijacked route - which creates a transport path _back to_ the target. That's all it is, nothing more. All but the WIRED follow-up article missed this point *completely.* They over-represented the 'hijacking' aspects, while only making mention of the 'interception' potential. Lets end this thread with the point I had intended two weeks ago: we've presented a method by which all the theory spewed by academics can be actualized in a real network (the big-I internet) to effect interception of data between (nearly) arbitrary endpoints from (nearly) any edge or stub AS. That, I think, is interesting. -Tk