[nsp-sec] Why do a route hijack for 1 second?

Smith, Donald Donald.Smith at qwest.com
Mon Jul 20 12:56:06 EDT 2009


As Chris stated, I believe this is accidental.
If you knew you could do a route hijacking, you should also be aware that EVERY time you did it, it would show up on somebody's radar, no matter how short a time you did it for. So every time you do it, there is a good chance it gets noticed.
You wouldn't do it on a regular basis unless you were dumb :)


(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia   

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Hank Nussbacher
> Sent: Sunday, July 19, 2009 11:52 PM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Why do a route hijack for 1 second?
> 
> ----------- nsp-security Confidential --------
> 
> I have a strange case.  It involves 147.237.234.0/24 and route hijacking
> from AS31500 (AS1680 has no peering arrangement with AS31500).  It started
> on July 1 for 31 minutes and then quiet for 2 weeks and now we have seen
> the following:
> 
> Date:                         2009-07-17 11:02:06 UTC
> Duration:                     35sec
> 
> Date:                         2009-07-18 00:27:05 UTC
> Duration:                     1sec
> 
> Date:                         2009-07-19 00:27:18 UTC
> Duration:                     1sec
> 
> Date:                         2009-07-20 00:26:55 UTC
> Duration:                     1sec
> 
> I am seeing this via Cyclops:
> Alert type:                   next-hop change
> No. monitors:                 1
> Announced ASPATH:             31500 1680
> 
> Only 1 monitor sees it which means it is very localized (probably in
> Russia).  But what would be the benefit of doing this next hop change for
> just 1 second and clearly as a cron job to run every night?
> Any ideas?
> 
> Thanks,
> Hank
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
> 
> 
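
The alert times quoted above can be checked mechanically for the nightly recurrence Hank describes. This is an added example, not part of the original thread; the function names, the 5-minute tolerance and the minimum run length of 3 are assumptions.

```python
import re
from datetime import datetime

# Alert records as quoted in the message above. The July 1 event is left out
# because the thread gives no timestamp for it.
ALERTS = """
Date:                         2009-07-17 11:02:06 UTC
Duration:                     35sec

Date:                         2009-07-18 00:27:05 UTC
Duration:                     1sec

Date:                         2009-07-19 00:27:18 UTC
Duration:                     1sec

Date:                         2009-07-20 00:26:55 UTC
Duration:                     1sec
"""

RECORD = re.compile(
    r"Date:\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC\s+Duration:\s+(\d+)sec"
)
DAY = 86400  # seconds

def parse_alerts(text):
    """Return [(start, duration_seconds), ...] for each Date/Duration pair."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(dur))
            for ts, dur in RECORD.findall(text)]

def daily_runs(alerts, tolerance_s=300, min_run=3):
    """Group alerts whose spacing is 24 h +/- tolerance_s into runs.

    tolerance_s and min_run are assumed thresholds, not values from the thread.
    """
    runs, current = [], []
    for alert in sorted(alerts):
        if current:
            gap = (alert[0] - current[-1][0]).total_seconds()
            if abs(gap - DAY) > tolerance_s:
                if len(current) >= min_run:
                    runs.append(current)
                current = []
        current.append(alert)
    if len(current) >= min_run:
        runs.append(current)
    return runs

if __name__ == "__main__":
    for run in daily_runs(parse_alerts(ALERTS)):
        print(f"{len(run)} alerts about 24 h apart, longest {max(d for _, d in run)}s:")
        for start, dur in run:
            print(f"  {start} UTC  {dur}s")
```

Comparing consecutive alerts by their spacing rather than by time of day keeps a schedule that sits near midnight from being split across the day boundary.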

