[nsp-sec] Why do a route hijack for 1 second?
Eli Dart
dart at es.net
Mon Jul 20 13:27:32 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hank Nussbacher wrote:
> ----------- nsp-security Confidential --------
>
> On Mon, 20 Jul 2009, Smith, Donald wrote:
>
>> As Chris stated I believe this is accidental.
>> If you knew you could do a route hijacking you should also be aware
>> that EVERY time you did it would show up on some bodies radar no
>> matter how short of a time you did it. So ever time you do it that is
>> a good chance it gets noticed.
>> You wouldn't do it on a regular basis unless you were dumb:)
>
> They may not be aware that someone is monitoring that specific /24. And
> they might also figure who would see a 1 second next-hop change.
One could think about this another way.
If someone does a 1-second hijack once a day, and the 1-second hijacking
gets noticed and cleaned up, that provides the people doing the hijack
with a good indicator as to the capabilities of the people trying to
prevent hijacking.
Perhaps the bad guys have several of these (you said it was very
localized) and the idea is to determine what corners of the net are
being watched.
--eli
- --
Eli Dart NOC: (510) 486-7600
ESnet Network Engineering Group (800) 333-7638
Lawrence Berkeley National Laboratory
PGP Key fingerprint = C970 F8D3 CFDD 8FFF 5486 343A 2D31 4478 5F82 B2B3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkpkqQQACgkQLTFEeF+CsrNsyACglkaVALvRQ6Mpl/RKCQ+99Kpw
C8QAoI5JUte1GX+48EBBK9bmZYyL8uK1
=r8wm
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list