On Dec 6, 2013, at 2:57 PM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
> On Fri, Dec 06, 2013 at 01:05:54PM -0500, Jared Mauch <jared@puck.nether.net> wrote a message of 36 lines which said:
>
>> I've detected 11.6 million of these events since 2008 just looking at the route-views data. Most recently, in the past two days, 701 has done a large MITM of traffic.
>
> The big novelty in the Renesys paper is the proof (with traceroute) that there was a return path, something which did not exist in the famous Pakistan Telecom case, or in most (all?) other BGP hijackings. This return path allows the attacker to really get access to the data with little chance of the victim noticing. That's something new.

I've been sending the traceroutes to networks for years to get them to clean up their acts. I guess the lesson is publish often? Folks can see the prefixes involved here: http://puck.nether.net/bgp/leakinfo.cgi The ASN search works best. I'll work on optimizing the prefix stuff as it's not returning "promptly".

- Jared
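The kind of event Jared counts in the route-views data is a prefix showing up with an origin AS that does not belong to it, either the exact prefix with a different origin or a more-specific announced from outside the legitimate origin set. The script below is an added example of that comparison, not Jared's leakinfo tool or anything from the Renesys paper; the baseline of expected origins, the update records, the prefixes (documentation ranges) and the ASNs (private-use range) are all constructed for illustration.

```python
import ipaddress
from collections import OrderedDict

# Constructed sample updates, not route-views output:
# (timestamp, collector_peer_asn, prefix, as_path)
SAMPLE_UPDATES = [
    (1, 65001, "192.0.2.0/24",    [65001, 64500]),          # legitimate origin
    (2, 65002, "192.0.2.0/24",    [65002, 64496, 64500]),   # legitimate, longer path
    (3, 65001, "198.51.100.0/24", [65001, 64510]),          # wrong origin, peer 1
    (4, 65002, "198.51.100.0/24", [65002, 64499, 64510]),   # same event, peer 2
    (5, 65001, "192.0.2.128/25",  [65001, 64510]),          # more-specific from outsider
    (6, 65003, "203.0.113.0/24",  [65003, 64502]),          # no baseline, ignored
]

# Constructed baseline of expected origin ASNs per prefix. In practice this would
# be built from ROAs, IRR route objects or a long observation window.
BASELINE = {
    "192.0.2.0/24": {64500},
    "198.51.100.0/24": {64501},
}


def origin_asn(as_path):
    """The origin is the rightmost ASN; prepending just repeats it."""
    return as_path[-1]


def covering_baseline(prefix, baseline):
    """Return the most specific baseline prefix strictly covering `prefix`, or None."""
    net = ipaddress.ip_network(prefix)
    best = None
    for bp in baseline:
        bnet = ipaddress.ip_network(bp)
        if bnet.version == net.version and bnet != net and bnet.supernet_of(net):
            if best is None or bnet.prefixlen > best.prefixlen:
                best = bnet
    return None if best is None else str(best)


def detect_suspicious_origins(updates, baseline):
    """Group announcements whose origin is not in the baseline for the prefix
    (or for the covering prefix, for more-specifics) into events keyed by
    (prefix, origin). The set of collector peers that saw each event is kept,
    since an announcement visible from several peers is harder to dismiss as
    a single-vantage artifact."""
    events = OrderedDict()
    for ts, peer, prefix, as_path in updates:
        origin = origin_asn(as_path)
        if prefix in baseline:
            if origin in baseline[prefix]:
                continue                      # expected origin, nothing to flag
            kind, covering = "origin_change", prefix
        else:
            covering = covering_baseline(prefix, baseline)
            if covering is None or origin in baseline[covering]:
                continue                      # unknown space, or legitimate de-aggregation
            kind = "more_specific"
        ev = events.setdefault((prefix, origin), {
            "prefix": prefix, "origin": origin, "kind": kind,
            "covering": covering, "first_seen": ts, "peers": set(),
        })
        ev["peers"].add(peer)
    return list(events.values())


if __name__ == "__main__":
    for ev in detect_suspicious_origins(SAMPLE_UPDATES, BASELINE):
        print(f"t={ev['first_seen']} {ev['kind']:13s} {ev['prefix']} origin AS{ev['origin']} "
              f"(baseline {ev['covering']}) seen by {len(ev['peers'])} peer(s)")
```

Collector data like this only shows that the announcement propagated; it says nothing about whether traffic actually flowed through the announcing network and back, which is exactly the gap Stephane points at and why the traceroute evidence for a return path matters.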