Tomas: It's primarily a proof of concept site, to show that such an idea would be useful, but it has been running for over a year now and discovered many interesting hijacks (such as eBay/google/etc..).
You're right that there is a glaring ommission, which is yesterday's youtube hijack. This is due to a bug in the sub-prefix lookup code (which can cause the IAR to miss some sub-prefix hijacks), which I'm currently fixing. Once that is done I'll rerun the IAR over yesterday's logs and it will show up. Josh On Mon, Feb 25, 2008 at 10:37 AM, Tomas L. Byrnes <[EMAIL PROTECTED]> wrote: > > This is a very interesting site. However, I notice that, in the "all in > the last 24 hours" it doesn't show the YouTube hijack. It does have a > lot of entries for 17557, most recently on 2/17. > > How reliable is this system? > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > > Behalf Of Hank Nussbacher > > Sent: Sunday, February 24, 2008 11:33 PM > > To: Steven M. Bellovin; [email protected] > > Subject: Re: YouTube IP Hijacking > > > > > > At 05:31 AM 25-02-08 +0000, Steven M. Bellovin wrote: > > > > >Seriously -- a number of us have been warning that this could happen. > > >More precisely, we've been warning that this could happen > > *again*; we > > >all know about many older incidents, from the barely noticed to the > > >very noisy. (AS 7007, anyone?) Something like S-BGP will > > stop this cold. > > > > > >Yes, I know there are serious deployment and operational > > issues. The > > >question is this: when is the pain from routing incidents > > great enough > > >that we're forced to act? It would have been nice to have done > > >something before this, since now all the world's script kiddies have > > >seen what can be done. > > > > "we've been warning that this could happen *again*" - this is > > happening every day - just look to: > > http://cs.unm.edu/~karlinjf/IAR/prefix.php?filter=most<http://cs.unm.edu/%7Ekarlinjf/IAR/prefix.php?filter=most> > > http://cs.unm.edu/~karlinjf/IAR/subprefix.php?filter=most<http://cs.unm.edu/%7Ekarlinjf/IAR/subprefix.php?filter=most> > > for samples. Thing is - these prefix hijacks are not big > > ticket sites like Youtube or Microsoft or Cisco or even > > whitehouse.gov - but rather just sites that never make it > > onto the NANOG radar. > > > > -Hank > > > > > > > > >
