One big happening I can recall was the AS7007 incident way back in 1997. http://en.wikipedia.org/wiki/AS_7007_incident
Cheers. On Wed, Aug 7, 2013 at 7:23 PM, Ahad Aboss <a...@telcoinabox.com> wrote: > It has happened in the past and there is no silver bullet solution to > prevent this 100%. > > > -----Original Message----- > From: Martin T [mailto:m4rtn...@gmail.com] > Sent: Wednesday, 7 August 2013 7:13 PM > To: Paul Ferguson > Cc: nanog@nanog.org > Subject: Re: questions regarding prefix hijacking > > Ok. And such attacks have happened in the past? For example one could do a > pretty widespread damage for at least short period of time if it announces > for example some of the root DNS server prefixes(as long prefixes as > possible) to it's upstream provider and as upstream provider probably > prefers client traffic over it's peerings or upstreams, it will prefer > those routes by malicious ISP for all the traffic to root DNS servers? > > > regards, > Martin > > 2013/8/7, Paul Ferguson <fergdawgs...@gmail.com>: > > Unfortunately, it is way too easy for people to inject routes into the > > global routing system. > > > > I think most of the folks on the list can attest to that. :-) > > > > - ferg > > > > > > On Wed, Aug 7, 2013 at 1:20 AM, Martin T <m4rtn...@gmail.com> wrote: > > > >> Hi, > >> > >> as probably many of you know, it's possible to create a "route" > >> object to RIPE database for an address space which is allocated > >> outside the RIPE region using the RIPE-NCC-RPSL-MNT maintainer > >> object. For example an address space is from APNIC or ARIN region and > >> AS is from RIPE region. For example a LIR in RIPE region creates a > >> "route" object to RIPE database for 157.166.266.0/24(used by Turner > >> Broadcasting System) prefix without having written permission from > >> Turner Broadcasting System and as this LIR uses up-link providers who > >> create prefix filters automatically according to RADb database > >> entries, this ISP is soon able to announce this 157.166.266.0/24 > >> prefix to Internet. This should disturb the availability of the real > >> 157.166.266.0/24 network on Internet? Has there been such situations > >> in history? Isn't there a method against such hijacking? Or have I > >> misunderstood something and this isn't possible? > >> > >> > >> regards, > >> Martin > >> > > > > > > > > -- > > "Fergie", a.k.a. Paul Ferguson > > fergdawgster(at)gmail.com > > > >