RE: Revealed: The Internet's well known BGP behavior
At 11:32 PM 27-08-08 -0500, John Lee wrote:
Thanks guys, going back to my Comer one more time. My issue, question was whether the organization doing the hijacking controlled all of the routers in the new modified path or only some of them?
John (ISDN) Lee
They didn't have control of any routers other than their own. What they had to find is a single clueless upstream ISP that would allow them to announce prefixes that didn't belong to them. -Hank
On Thu, 28 Aug 2008, Hank Nussbacher wrote:
At 11:32 PM 27-08-08 -0500, John Lee wrote:
Thanks guys, going back to my Comer one more time. My issue, question was whether the organization doing the hijacking controlled all of the routers in the new modified path or only some of them?
John (ISDN) Lee
They didn't have control of any routers other than their own. What they had to find is a single clueless upstream ISP that would allow them to announce prefixes that didn't belong to them.
Clueless or big and inattentive? AFAIK, Level3 will accept anything from me...as long as I put it in one of the IRRs the day before I plan to announce it.
Jon Lewis, Senior Network Engineer, Atlantic Net | I route, therefore you are
http://www.lewis.org/~jlewis/pgp for PGP public key
Jon Lewis wrote:
At 11:32 PM 27-08-08 -0500, John Lee wrote:
They didn't have control of any routers other than their own. What they had to find is a single clueless upstream ISP that would allow them to announce prefixes that didn't belong to them.
Clueless or big and inattentive? AFAIK, Level3 will accept anything from me...as long as I put it in one of the IRRs the day before I plan to announce it.
Working for a company that has been steadily growing through acquisition, we have actually run into this problem a couple times before. I'm not sure if we hit the lottery, but our upstream providers (including LVL3) have definitely intervened when we've moved netblocks from a company that doesn't match our name into our facilities to be advertised under our ASNs. I'm not sure how diligent or widespread the validation checks are, but at least on occasion they do occur. -Eric
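An added illustration, not written by any poster in this thread, of the two upstream checks discussed above: a filter built only from IRR route objects, and a holder-name comparison of the kind that triggers manual intervention. The prefixes, ASNs, maintainer and organisation names are all constructed, and the ALLOCATIONS table is an assumed stand-in for a registry lookup.

```python
import ipaddress

# Constructed RPSL route objects (documentation prefixes, private-use ASN).
IRR_DUMP = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64500
"""

# Constructed allocation records: who the registry says holds each block.
ALLOCATIONS = {
    "192.0.2.0/24": "Example Customer Inc",
    "198.51.100.0/24": "Unrelated Org Ltd",
}

def parse_route_objects(text):
    """Return (network, origin) pairs from blank-line-separated RPSL objects."""
    routes = []
    for block in text.strip().split("\n\n"):
        attrs = dict(
            (k.strip(), v.strip())
            for k, v in (ln.split(":", 1) for ln in block.splitlines() if ":" in ln)
        )
        if "route" in attrs and "origin" in attrs:
            routes.append((ipaddress.ip_network(attrs["route"]), attrs["origin"].upper()))
    return routes

def irr_permits(routes, prefix, origin):
    """IRR-built filter: passes if a route object with this origin AS exists."""
    net = ipaddress.ip_network(prefix)
    return any(net == r and origin.upper() == o for r, o in routes)

def holder_matches(prefix, customer_name):
    """Extra check: the allocation holder must match the customer's name."""
    net = ipaddress.ip_network(prefix)
    for block, holder in ALLOCATIONS.items():
        if net.subnet_of(ipaddress.ip_network(block)):
            return holder.lower() == customer_name.lower()
    return False  # unknown block: never auto-accept

def review(prefix, origin, customer_name):
    """Decide what to do with a customer's request to announce a prefix."""
    if not irr_permits(parse_route_objects(IRR_DUMP), prefix, origin):
        return "reject: no route object"
    if not holder_matches(prefix, customer_name):
        return "hold: holder mismatch, needs manual review"
    return "accept"
```

The second prefix passes the IRR-only filter because a route object exists for it, and is held only by the holder comparison.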
On 2008/08/28 06:45 AM Hank Nussbacher wrote:
They didn't have control of any routers other than their own. What they had to find is a single clueless upstream ISP that would allow them to announce prefixes that didn't belong to them.
Leaving aside the ability to blackhole prefixes that don't belong to you, they seem to harp on the part of being able to intercept traffic. Well, yes? Personally I don't trust GBLX (sorry) or whoever with my traffic any more than a random hacker who is rerouting the traffic. That's why things like SSL were invented. Yes, with that much control even SSL can technically be broken but if there was ever a pretext of complete trust about the possibilities of snooping on traffic then encryption wouldn't need to exist. Ultimately though, the detailed work that needs to go into pulling something like that off would make it quite hard not to leave a trail somewhere. Also, it's still far easier to just pop a trojan onto a few million machines. Shameless media hyperbole anyway... I think they saw the DNS people getting their 10 minutes of fame and wanted their own :)
participants (4)
- Colin Alston
- Eric Spaeth
- Hank Nussbacher
- Jon Lewis