[nsp-sec] Internap+AT&T: Interesting prefix hijacking
Hank Nussbacher
hank at efes.iucc.ac.il
Tue Jun 29 01:23:31 EDT 2010
Yesterday, at Jun 27 18:31:04 2010 GMT there was an interesting
hijacking going on which looks like a test run. The following
prefixes were hijacked and announced:
AS1680 82.166.110.0/24
...only 1 AS1680- prefix hijacked...
AS5486 213.8.156.0/22
AS5486 213.8.122.0/23
...60 more prefixes...
AS9116 83.130.144.0/20
AS9116 77.125.64.0/18
AS9116 77.127.0.0/18
AS9116 80.178.208.0/21
AS9116 80.230.128.0/18
AS9116 87.71.64.0/18
AS9116 84.228.32.0/19
AS9116 84.229.208.0/20
AS9116 87.69.64.0/18
AS9116 87.71.128.0/19
...about 390 more AS9116 prefixes...
There are two interesting aspects here:
a) the prefixes announced were more specifics that were not being
announced previously by the ISP and therefore usurped traffic destined to
Israel.
b) The ASN path for all hijacks was:
812 2828 7018 17231 17231 17231 17231 17231 17231 10913 22212 xxxx
[where xxxx is Israeli ISP ASN]
AS22222 is Omaha Steaks in the US
AS10913 is Internap in US
AS17231 is ATT-CERFNET in US
As far as I know, Israel has not become a commonwealth of Omaha.
Can this please be looked into?
Thanks,
Hank
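
One way to check announcements for the two aspects listed in the message above (a more-specific of a prefix the ISP already announces, and an unexpected AS next to the origin), as an added example that is not part of the original post. The prefixes and the AS path are the ones quoted in the message; the baseline aggregates, the expected upstream AS64500 (documentation range) and the third, normal route are constructed assumptions.

```python
import ipaddress

# Constructed baseline: covering prefixes each origin AS normally announces.
# The aggregates and the upstream ASN 64500 (documentation range) are assumptions.
BASELINE = {
    9116: {"prefixes": ["77.125.0.0/16", "87.71.0.0/16"], "upstreams": {64500}},
    1680: {"prefixes": ["82.166.0.0/16"], "upstreams": {64500}},
}

# Constructed updates: prefixes and AS path as quoted in the post; the last is a normal route.
HIJACK_PATH = "812 2828 7018 17231 17231 17231 17231 17231 17231 10913 22212"
UPDATES = [
    ("77.125.64.0/18", HIJACK_PATH + " 9116"),
    ("82.166.110.0/24", HIJACK_PATH + " 1680"),
    ("87.71.0.0/16", "812 64500 9116"),
]

def collapse(path):
    """Parse an AS path string and drop consecutive duplicates (prepending)."""
    out = []
    for asn in map(int, path.split()):
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def check(prefix, path, baseline=BASELINE):
    """Return a list of findings for one announcement; empty means it matches the baseline."""
    net = ipaddress.ip_network(prefix)
    hops = collapse(path)
    origin = hops[-1]
    entry = baseline.get(origin)
    if entry is None:
        return []  # origin AS is not one we monitor
    findings = []
    known = [ipaddress.ip_network(p) for p in entry["prefixes"]]
    # Aspect (a): a prefix inside a baseline aggregate that was never announced itself.
    if net not in known and any(net.subnet_of(k) for k in known):
        findings.append("new more-specific of a baseline prefix")
    # Aspect (b): the AS adjacent to the origin is not a known upstream.
    if len(hops) > 1 and hops[-2] not in entry["upstreams"]:
        findings.append(f"unexpected upstream AS{hops[-2]}")
    return findings

def scan(updates=UPDATES):
    """Check every (prefix, path) pair and map each prefix to its findings."""
    return {prefix: check(prefix, path) for prefix, path in updates}

if __name__ == "__main__":
    for prefix, findings in scan().items():
        print(prefix, "->", findings or "ok")
```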