One big happening I can recall was the AS7007 incident way back in 1997.
http://en.wikipedia.org/wiki/AS_7007_incident
Cheers.
On Wed, Aug 7, 2013 at 7:23 PM, Ahad Aboss <ahad@telcoinabox.com> wrote:
It has happened in the past and there is no silver bullet solution to prevent this 100%.
-----Original Message-----
From: Martin T [mailto:m4rtntns@gmail.com]
Sent: Wednesday, 7 August 2013 7:13 PM
To: Paul Ferguson
Cc: nanog@nanog.org
Subject: Re: questions regarding prefix hijacking
Ok. And such attacks have happened in the past? For example, one could do pretty widespread damage for at least a short period of time if it announces, for example, some of the root DNS server prefixes (as long prefixes as possible) to its upstream provider, and as the upstream provider probably prefers client traffic over its peerings or upstreams, it will prefer those routes by the malicious ISP for all the traffic to root DNS servers?
regards, Martin
2013/8/7, Paul Ferguson <fergdawgster@gmail.com>:
Unfortunately, it is way too easy for people to inject routes into the global routing system.
I think most of the folks on the list can attest to that. :-)
- ferg
On Wed, Aug 7, 2013 at 1:20 AM, Martin T <m4rtntns@gmail.com> wrote:
Hi,
As probably many of you know, it's possible to create a "route" object in the RIPE database for an address space which is allocated outside the RIPE region using the RIPE-NCC-RPSL-MNT maintainer object. For example, an address space is from the APNIC or ARIN region and the AS is from the RIPE region. For example, a LIR in the RIPE region creates a "route" object in the RIPE database for the 157.166.266.0/24 (used by Turner Broadcasting System) prefix without having written permission from Turner Broadcasting System, and as this LIR uses up-link providers who create prefix filters automatically according to RADb database entries, this ISP is soon able to announce this 157.166.266.0/24 prefix to the Internet. This should disturb the availability of the real 157.166.266.0/24 network on the Internet? Have there been such situations in history? Isn't there a method against such hijacking? Or have I misunderstood something and this isn't possible?
regards, Martin
--
"Fergie", a.k.a. Paul Ferguson
fergdawgster(at)gmail.com
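
Added example, not part of any message in this thread: a defensive check a provider could run before building prefix filters from IRR data, holding back "route" objects whose `source:` registry is not the RIR that delegated the address space. The delegation table, the sample objects (documentation prefixes and ASNs) and all function names are constructed assumptions.

```python
import ipaddress

# Constructed delegation table (assumption): documentation prefixes stand in
# for the per-RIR delegated address blocks a real deployment would load.
DELEGATIONS = {"192.0.2.0/24": "ARIN", "198.51.100.0/24": "RIPE",
               "203.0.113.0/24": "APNIC"}

# Constructed RPSL "route" objects, as an IRR mirror might return them.
SAMPLE_RPSL = """\
route:   198.51.100.0/24
origin:  AS64500
source:  RIPE

route:   192.0.2.0/24
origin:  AS64500
mnt-by:  RIPE-NCC-RPSL-MNT
source:  RIPE

route:   203.0.113.0/25
origin:  AS64501
source:  APNIC
"""

def parse_rpsl(text):
    """Split blank-line separated RPSL objects into attribute dicts."""
    objs = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        objs.append({k.strip().lower(): v.strip() for k, _, v in pairs})
    return [o for o in objs if "route" in o]

def delegating_rir(prefix):
    """RIR that delegated the covering block; None if unknown or malformed."""
    try:
        net = ipaddress.ip_network(prefix)
    except ValueError:
        return None
    return next((rir for block, rir in DELEGATIONS.items()
                 if net.subnet_of(ipaddress.ip_network(block))), None)

def split_for_filter(objects):
    """Accept objects registered with the delegating RIR; hold the rest for review."""
    accepted, held = [], []
    for o in objects:
        rir = delegating_rir(o["route"])
        row = (o["route"], o["origin"], o["source"], rir)
        (accepted if rir == o["source"].upper() else held).append(row)
    return accepted, held
```

Only the `accepted` rows would feed the automatically generated prefix filter; `held` rows, including any with a malformed prefix, wait for manual confirmation from the address holder.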