On Dec 6, 2013, at 2:57 PM, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
> On Fri, Dec 06, 2013 at 01:05:54PM -0500,
> Jared Mauch <ja...@puck.nether.net> wrote
> a message of 36 lines which said:
>
>> I've detected 11.6 million of these events since 2008 just looking at the
>> route-views data. Most recently the past two days 701 has done a large MITM
>> of traffic.
>
> The big novelty in the Renesys paper is the proof (with traceroute)
> that there was a return path, something which did not exist in the
> famous Pakistan Telecom case, or in most (all?) other BGP
> hijackings. This return path allows the attacker to really get access
> to the data with little chance of the victim noticing. That's
> something new.

I've been sending the traceroutes to networks for years to get them to clean up their acts. I guess the lesson is publish often?

Folks can see the prefixes involved here:

http://puck.nether.net/bgp/leakinfo.cgi

The ASN search works best. I'll work on optimizing the prefix stuff as it's not returning "promptly".

- Jared