Hijacked IP space.

I must have missed the thread on this, but is there a good summary available
of exactly _how_ these netblocks are getting hijacked?

Are they taking advantage of sloppy redistribution configurations, 0wning
routers, spoofing OSPF updates, taking advantage of default static
routes, or is there something more complicated at work?

Are these attacks actually generating bogons, or are they isolated
to ASNs they have at one point been legitimately announced by,
and forgotten?

I can think up many more interesting applications for these kinds of
ghost-nets than spamming, all of which are quite, if you'll pardon the
pun, haunting.


Jamie Reid writes on 11/4/2003 12:54 AM:

> Are they taking advantage of sloppy redistribution configurations, 0wning
> routers, spoofing OSPF updates, taking advantage of default static
> routes, or is there something more complicated at work?

Sometimes as simple as social engineering - a company goes out of business, but still has a /16 allocated to it. So what happens is that some fake letterheads get typed up (and possibly the company name re-registered "under new management"), and a request for routing these blocks goes out ...

Then you get (say) a T1 from some random ISP, and then get them to announce the /16.

  srs
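
A defensive check for the pattern discussed in this thread, as an added example that is not part of the original posts: it scans routing-table snapshots for prefixes that reappear after a long silence and records whether the origin AS differs from the one that last announced them. The record layout, the one-year dormancy threshold and the sample data (documentation prefixes and ASNs) are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from ipaddress import ip_network


@dataclass
class Announcement:
    prefix: str       # CIDR block seen in a routing-table snapshot
    origin_asn: int   # AS that originated the route
    seen: date        # date of the snapshot


def find_revived_prefixes(history, dormancy=timedelta(days=365)):
    """Return prefixes that were silent for at least `dormancy` and then reappeared."""
    by_prefix = {}
    for a in sorted(history, key=lambda a: a.seen):
        # ip_network() normalises the text form and rejects malformed CIDRs.
        by_prefix.setdefault(ip_network(a.prefix), []).append(a)

    findings = []
    for net, seen in by_prefix.items():
        for prev, cur in zip(seen, seen[1:]):
            gap = cur.seen - prev.seen
            if gap >= dormancy:
                findings.append({
                    "prefix": str(net),
                    "dormant_days": gap.days,
                    "old_origin": prev.origin_asn,
                    "new_origin": cur.origin_asn,
                    # A new origin after a long gap deserves a registry check.
                    "origin_changed": prev.origin_asn != cur.origin_asn,
                })
    return sorted(findings, key=lambda f: f["prefix"])


# Constructed sample data (RFC 5737 prefixes, RFC 5398 ASNs), not real observations.
SAMPLE_HISTORY = [
    Announcement("198.51.100.0/24", 64496, date(2001, 3, 1)),
    Announcement("198.51.100.0/24", 64496, date(2001, 6, 1)),
    Announcement("198.51.100.0/24", 64511, date(2003, 10, 15)),  # revived, new origin
    Announcement("203.0.113.0/24", 64500, date(2003, 1, 1)),
    Announcement("203.0.113.0/24", 64500, date(2003, 6, 1)),
    Announcement("203.0.113.0/24", 64500, date(2003, 10, 1)),    # continuously announced
    Announcement("192.0.2.0/24", 64501, date(2001, 1, 1)),
    Announcement("192.0.2.0/24", 64501, date(2003, 9, 1)),       # revived, same origin
]

if __name__ == "__main__":
    for finding in find_revived_prefixes(SAMPLE_HISTORY):
        print(finding)
```

A hit is only a lead: the next step is comparing the registry contact history for the block against the new announcement.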