North American Network Operators Group

Re: Kenyan Route Hijack

  • From: Bill Stewart
  • Date: Sun Mar 16 01:21:16 2008

On Sat, Mar 15, 2008 at 9:09 PM, Glen Kent <[email protected]> wrote:
>  Unlike the Youtube outage where PTA had issued a directive asking all
>  ISPs to block Youtube - What is the reason most often cited for such
>  mishaps? The reason I ask this is because the ISPs that
>  "inadvertently" hijack someone else's IP space need to explicitly
>  configure *something* to do this. So, what really are they trying to do there?

I've seen two popular reasons for doing it accidentally:
- Fat fingers when configuring IP addresses by hand
- Using old routing protocols such as IGRP or RIP and autosummarizing routes,
  usually done by a customer of an ISP that doesn't bother filtering carefully.
  This doesn't give you a /24 address by accident,
  but it lets you take two /24 subnets of a Class B or Class A
  and turn them into an advertisement for the whole network.

A popular reason from longer ago was enterprises that used
arbitrary addresses for their internal networks,
which was safe because they'd never be connected to the real internet.
RFC1918 has made that problem mostly go away,
but as recently as 1995 I had a customer who was a bank that was
using University of Toronto IP addresses internally.
We were working on their databases, not their networks,
so while we strongly recommended they renumber some time soon,
it wasn't happening during our project.


-- 
----
 Thanks; Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.
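
Added example, not part of the original message: a Python sketch of the classful auto-summarization described in the message above, and of a provider-side prefix filter that rejects the resulting announcement. The customer subnets are constructed sample values in RFC 1918 space, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: two /24s assigned to a customer out of a Class B range.
CUSTOMER_SUBNETS = ["172.16.5.0/24", "172.16.9.0/24"]

def classful_network(addr):
    """Return the Class A/B/C network that contains addr."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        plen = 8       # Class A
    elif first_octet < 192:
        plen = 16      # Class B
    elif first_octet < 224:
        plen = 24      # Class C
    else:
        raise ValueError("Class D/E address has no classful network")
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)

def auto_summarize(subnets):
    """Model auto-summary at a classful boundary: every subnet collapses
    to the classful network it belongs to."""
    nets = (ipaddress.ip_network(s) for s in subnets)
    return sorted({classful_network(n.network_address) for n in nets})

def filter_announcements(announced, allowed):
    """Provider-side filter: accept an announcement only if it is equal to
    or more specific than a prefix assigned to the customer."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    accepted, rejected = [], []
    for net in announced:
        if any(net.subnet_of(a) for a in allowed_nets):
            accepted.append(net)
        else:
            rejected.append(net)
    return accepted, rejected

if __name__ == "__main__":
    summary = auto_summarize(CUSTOMER_SUBNETS)
    print("customer announces after auto-summary:", [str(n) for n in summary])
    accepted, rejected = filter_announcements(summary, CUSTOMER_SUBNETS)
    print("accepted:", [str(n) for n in accepted])
    print("rejected:", [str(n) for n in rejected])
```

Without the filter, the single /16 produced by summarization covers 254 /24s that were never assigned to this customer.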