[6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking

Jeroen Massar jeroen@unfix.org
Sat, 10 May 2003 00:32:27 +0200


Colin Faber wrote:

> Recently on the IPv4 internet there have been a small but growing
> number of cases of BGP hijacking by spammers / spam gangs to get
> around black lists and filters.

Based on the single stupid fact that there are active
Ghost Routes (*1) out there and the fact that some 'admins'
are very unresponsive (as in: don't reply) this would
become dead easy in the future. I therefore sincerely
hope that some people wake up and go fix their setups.
It's also quite a bad thing that it doesn't really
get noticed by the owner of the affected prefixes.

Fortunately there are people who actually like their
work and have a passion for it and they put a lot
of time and effort into it and do actively filter
bogus routes that are being announced.
If and if only that was the common case.

> Does/Is there anything in place within the existing BGP+
> protocol to prevent such things from happening?

There is RADB or simply the nice routemaps that are
in the whois db's of the RIR's allowing one to easily
generate filters based on the information represented there.
But then still it's all about who to trust, which was
also one of the major points seen on the NANOG list when
they were discussing the topic you mentioned.

Note that based on the information currently available
in GRH, it could generate some very nice bogon maps.
Then again, most if not all of the participants filter
on at least known boundaries (*2). Thus the only thing
that would be visible then would be unallocated spaces.
Note that anyone can set a source ASN to match the
allocated one and just announce that space, probably
no one will notice it unless they filter their peers.
But in the big transit-for-free-ipv6-cloud that it is
now there is only minimal filtering in most AS's.
Therefore I would always like people to read MIPP (*3).
Btw: one day GRH might just do bogon listing, so be
warned because obvious things will show up then :)
Also note that RIS (*4) is also monitoring IPv6.

Greets,
 Jeroen

*1 = http://www.sixxs.net/tools/grh/ghosts/what/
*2 = http://www.space.net/~gert/RIPE/ipv6-filters.html
*3 = http://ip6.de.easynet.net/ipv6-minimum-peering.txt
*4 = http://www.ris.ripe.net
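
An added example, not part of the original message: one way to turn registry route6 objects into a prefix/origin filter of the kind the reply describes for RADB and the RIR whois databases. The RPSL objects, the documentation prefixes and ASNs, and the /48 maximum length are constructed assumptions.

```python
import ipaddress
import re

# Constructed RPSL route6 objects (documentation prefix 2001:db8::/32,
# documentation ASNs 64496-64511); not taken from any real registry.
IRR_DUMP = """\
route6:  2001:db8:100::/40
origin:  AS64500
mnt-by:  EXAMPLE-MNT

route6:  2001:db8:2000::/35
origin:  AS64501
"""

def parse_route6(text):
    """Return [(IPv6Network, origin_asn)] for every route6 object in text."""
    table = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, _, val = line.partition(":")   # split at the first colon only
            attrs.setdefault(key.strip().lower(), val.strip())
        if "route6" in attrs and attrs.get("origin", "").upper().startswith("AS"):
            net = ipaddress.ip_network(attrs["route6"], strict=True)
            table.append((net, int(attrs["origin"][2:])))
    return table

def classify(prefix, origin_asn, table, max_len=48):
    """Check one announced prefix and origin AS against the registered objects."""
    net = ipaddress.ip_network(prefix, strict=True)
    covering = [(n, asn) for n, asn in table if net.subnet_of(n)]
    if not covering:
        return "reject-unregistered"      # no route6 object covers this space
    if origin_asn not in {asn for _, asn in covering}:
        return "reject-origin"            # registered, but to a different AS
    if net.prefixlen > max_len:
        return "reject-too-specific"      # assumed policy: nothing longer than /48
    # A forged origin AS would also reach this point: the check only proves
    # the announcement is consistent with the registry, not who sent it.
    return "accept"

if __name__ == "__main__":
    routes = parse_route6(IRR_DUMP)
    for pfx, asn in [("2001:db8:100::/40", 64500), ("2001:db8:100::/40", 64510),
                     ("2001:db8:f000::/36", 64500), ("2001:db8:2000:1::/64", 64501)]:
        print(pfx, f"AS{asn}", classify(pfx, asn, routes))
```
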