[nsp-sec] hijacked netspace

Barry Greene (bgreene) bgreene at cisco.com
Sun Feb 24 19:38:21 EST 2008 

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


BGP Shunt - created in 1997 for the Great Firewall. 

In this case, it looks like a simple case of advertising the shunt (i.e.
not putting no-advertise communities and a "Murphy Filter" for the BGP
communities).



> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
> Dario Ciccarone (dciccaro)
> Sent: Sunday, February 24, 2008 4:07 PM
> To: Sean Donelan
> Cc: Rob Thomas; Ross, Jason; NSP-SEC List
> Subject: Re: [nsp-sec] hijacked netspace
> 
> ----------- nsp-security Confidential --------
> 
> Interesting. Which methods to Transworld use ? :)
> 
> I know it's starting to look like "newbie" day - a URL or 
> pointer to a document (if such a document exist - previous 
> NANOG meetings?) explaining methods Transworld/other ISPs use 
> besides blackholing would be much appreciated.
> 
> 
> Dario
>  
> 
> > -----Original Message-----
> > From: Sean Donelan [mailto:sean at donelan.com]
> > Sent: Sunday, February 24, 2008 6:50 PM
> > To: Dario Ciccarone (dciccaro)
> > Cc: David Freedman; Chris Morrow; Rob Thomas; Ross, Jason; NSP-SEC 
> > List
> > Subject: Re: [nsp-sec] hijacked netspace
> > 
> > On Sun, 24 Feb 2008, Dario Ciccarone (dciccaro) wrote:
> > > The Q was if those folks are the only ISP in Pakistan - IE,
> > Jason here
> > > only saw it being advertised by 17557
> > 
> > There are several hundred ISPs in Pakistan, however 
> essentially all of 
> > them get their upstream via either PTCL (the old PTT) or a few via 
> > TransWorld.
> > 
> > For better or worse, Transworld has more "advanced" blocking than 
> > PTCL.
> > 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the 
> nsp-security community. Confidentiality is essential for 
> effective Internet security counter-measures.
> _______________________________________________
> 
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBR8IN/b/UEA/xivvmEQIrIgCgv9X3+op4qooRrVcyiKzeopJhXX8AoO9d
CFfNsEeTcY3hrjwq0inls285
=Hh9r
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list