[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Prefix hijacking, how to prevent and fix currently

Subject: Prefix hijacking, how to prevent and fix currently
From: job at instituut.net (Job Snijders)
Date: Tue, 2 Sep 2014 18:08:35 +0200
In-reply-to: <CAL9jLabfDuTpyZJrw03ig85VZfUKS_4R2QvAEzFd4=NPpvaR2Q@mail.gmail.com>
References: <5f43d6b8ce3c4e089e4f77c32b5ea20d@BN1PR09MB0274.namprd09.prod.outlook.com> <[email protected]> <CAL9jLabfDuTpyZJrw03ig85VZfUKS_4R2QvAEzFd4=NPpvaR2Q@mail.gmail.com>

On Tue, Sep 02, 2014 at 11:53:15AM -0400, Christopher Morrow wrote:
> On Tue, Sep 2, 2014 at 11:25 AM, Job Snijders <job at instituut.net> wrote:
>
> > What is the real damage of hijacking a prefix which is not in use?
>
> 'not in use' ... where?
> 
> What if the 'owner' of the block has the block only routed
> 'internally' (either behind gateways/firewalls/airgaps or just inside
> their ASN) The expectation of the 'owner' is that they are using the
> space and it's not routed 'somewhere else', right?

Interesting point. A commmon approach is to announce such internal
prefixes and blackhole packets to and from at a border.

Alternatively they could set "AS 0" in the ROA of such 'not globally
used' prefixes.  I don't think loose mode should apply to 'AS 0' ROAs.

Kind regards,

Job

Follow-Ups:
- Prefix hijacking, how to prevent and fix currently
  - From: morrowc.lists at gmail.com (Christopher Morrow)

References:
- Prefix hijacking, how to prevent and fix currently
  - From: kotikalapudi.sriram at nist.gov (Sriram, Kotikalapudi)
- Prefix hijacking, how to prevent and fix currently
  - From: job at instituut.net (Job Snijders)
- Prefix hijacking, how to prevent and fix currently
  - From: morrowc.lists at gmail.com (Christopher Morrow)

Prev by Date: Multicast Internet Route table.
Next by Date: Multicast Internet Route table.
Previous by thread: Prefix hijacking, how to prevent and fix currently
Next by thread: Prefix hijacking, how to prevent and fix currently
Index(es):
- Date
- Thread