Re: Amprnet? (was Re: [anti-abuse-wg] Yet another BGP hijacking towards AS16509)

2022-08-30 Thread borg
. Getting parts of 44/8 reannounced by different gw than ucsd.edu is not that easy after all. -- Original message -- From: Ellenor Agnes Bjornsdottir To: nanog@nanog.org Subject: Amprnet? (was Re: [anti-abuse-wg] Yet another BGP hijacking towards AS16509) Date: Tue, 30 Aug 2022 04

Amprnet? (was Re: [anti-abuse-wg] Yet another BGP hijacking towards AS16509)

2022-08-29 Thread Ellenor Agnes Bjornsdottir
Wasn't 44/8 the space for AMPRNet? I looked it up and they sold part of it to Amazon. Ok. Got it. Possible that a potential hijack could be a good faith radio ham who hasn't somehow been updated on the sale of that space? Or more likely to be a malicious hijack? On 8/23/22 02:05, Siyuan

Re: [EXTERNAL] Re: Yet another BGP hijacking towards AS16509

2022-08-24 Thread Randy Bush
as a fellow researcher said the other week, ROV, ASPA, ... are intended to provide safety, not security. randy

Re: [EXTERNAL] Re: Yet another BGP hijacking towards AS16509

2022-08-24 Thread Job Snijders via NANOG
Heya, On Wed, Aug 24, 2022 at 09:17:03AM +0200, Claudio Jeker wrote: > On Tue, Aug 23, 2022 at 08:07:29PM +0200, Job Snijders via NANOG wrote: > > In this sense, ASPA (just by itself) suffers the same challenge as > > RPKI ROA-based Origin Validation: the input (the BGP AS_PATH) is > > unsigned

Re: [EXTERNAL] Re: Yet another BGP hijacking towards AS16509

2022-08-24 Thread Claudio Jeker
On Tue, Aug 23, 2022 at 08:07:29PM +0200, Job Snijders via NANOG wrote: > On Tue, Aug 23, 2022 at 05:18:42PM +, Compton, Rich A wrote: > > I was under the impression that ASPA could prevent route leaks as well > > as path spoofing. This "BGP Route Security Cycling to the Future!" > >

Re: Yet another BGP hijacking towards AS16509

2022-08-23 Thread Job Snijders via NANOG
Hi Douglas, group, On Tue, Aug 23, 2022 at 03:03:31PM -0300, Douglas Fischer wrote: > I was thinking a little about this case... > > I'm almost certain that this case cited by Siyuan would have been > avoided if there was a cross-check between the items contained in the > AS-SET objects (and

Re: [EXTERNAL] Re: Yet another BGP hijacking towards AS16509

2022-08-23 Thread Job Snijders via NANOG
On Tue, Aug 23, 2022 at 05:18:42PM +, Compton, Rich A wrote: > I was under the impression that ASPA could prevent route leaks as well > as path spoofing. This "BGP Route Security Cycling to the Future!" > presentation from NANOG seems to indicate this is the case: >

Re: Yet another BGP hijacking towards AS16509

2022-08-23 Thread Douglas Fischer
I was thinking a little about this case... I'm almost certain that this case cited by Siyuan would have been avoided if there was a cross-check between the items contained in the AS-SET objects (and others such as the Route-Set), and the "member-of" attributes of the referred objects. I

Re: [EXTERNAL] Re: Yet another BGP hijacking towards AS16509

2022-08-23 Thread Compton, Rich A
I was under the impression that ASPA could prevent route leaks as well as path spoofing. This "BGP Route Security Cycling to the Future!" presentation from NANOG seems to indicate this is the case: https://youtu.be/0Fi2ghCnXi0?t=1093 Also, can't the path spoofing protection that BGPsec provides

Re: Yet another BGP hijacking towards AS16509

2022-08-23 Thread Job Snijders via NANOG
Dear Siyuan, others, Thank you for the elaborate write-up and the log snippets. You contributed a comprehensive overview of what transpired from a publicly-visible perspective, what steps led up to the strike. I want to jump in on one small point which I often see as a point of confusion in our

Re: [anti-abuse-wg] Yet another BGP hijacking towards AS16509

2022-08-22 Thread Siyuan Miao
Amazon was only announcing 44.224.0.0/11 at first. https://bgp.tools/prefix/44.235.216.0/24 On Tue, Aug 23, 2022 at 4:03 AM Ronald F. Guilmette wrote: > In message < > cao3camot9gc_evd-cczg06a-o_majmltxlhbxfnaudomyqo...@mail.gmail.com>, > Siyuan Miao wrote: > > >Hijacking didn't last too long.

Re: [anti-abuse-wg] Yet another BGP hijacking towards AS16509

2022-08-22 Thread Ronald F. Guilmette
In message , Siyuan Miao wrote: >Hijacking didn't last too long. AWS started announcing a more specific >announcement to prevent hijacking around 3 hours later. Kudos to Amazon's >security team :-) Sorry. I'm missing something here. If the hijack was of 44.235.216.0/24, then how did AWS

Re: Yet another BGP hijacking towards AS16509

2022-08-22 Thread Siyuan Miao
Just noticed another thing:
➜ ~ whois -h whois.ripe.net -- "--list-versions AS1299" | tail -n10
2862 2022-07-11T14:44:49Z ADD/UPD
2863 2022-07-27T11:17:25Z ADD/UPD
2864 2022-08-02T08:43:02Z ADD/UPD
2865 2022-08-10T12:11:29Z ADD/UPD
*2866 2022-08-17T10:47:43Z ADD/UPD
2867

Yet another BGP hijacking towards AS16509

2022-08-22 Thread Siyuan Miao
Hi folks, Recently I read a post regarding the recent incident of Celer Network and noticed a very interesting and successful BGP hijacking towards AS16509. The attacker AS209243 added AS16509 to their AS-SET and a more specific route object for the /24 where the victim's website is in ALTDB: