Slashdot Mirror

← Back to Stories (view on slashdot.org)

Confronting Address Space Hijackers

Posted by timothy on from the insert-sound-effects dept.

Tawn writes "There's a great story on SecurityFocus about hijackers taking over large allocations of IPv4 space with forged documents and false business fronts. Los Angeles County and some big multinationals have had /16's pulled out from under them in the last few months, and used to inject spam. ARIN and network operators are trying to get a handle on the problem. The owner of a webhosting company that wound up with L.A. County's /16 called it 'borrowed space,' and said he paid $500 for it to a guy he met online."

5 of 334 comments (clear)

  1. I submitted this... by robslimo · · Score: 5, Informative

    a couple of weeks ago. Not this particular article, but a little write-up with some nice links (rejected, of course).

    Links:
    In your face hijacking

    Current list of possible bogus bgp routes

    Oh, well.

  2. Re:Does LA county even need a public /16? by HaeMaker · · Score: 4, Informative

    Allocaitons are made for organizations that need globally unique IP addresses, not necessarily connected to the Internet.

    IBM owns 9.0.0.0/8, none of it is connected to the Internet. They use globally unique addressing in their internal network for private connections to other organizations, without fear of collisions.

    This is typically no longer done and the IANA recommends you use a random range from private IP space from now on, except in rare cases.

  3. Re:255x255!!!?? by shamilton · · Score: 4, Informative

    That's just completely wrong. It could be as many as 65534 usable addresses. Networks certainly needn't be on octet boundaries.

    --
    "[A] high IQ is like a Jeep; you will still get stuck, just farther from help!" --Just d' FAQs, c.g.a
  4. Re:Hijackers? by shamino0 · · Score: 4, Informative
    Agreed. They should return all the unused IP space for re-allocation.

    It's not that simple.

    The way I understand it, you can't just give back some of your addresses. You have to give back the entire block and then go through the whole lengthy application process to get a new block. Which means there will be a significant amount of time during which you have no addresses. And when you finally do get them, you'll have to renumber your network, because you won't get back addresses from the block you gave up. And if ARIN decides that you don't actually "need" as many addresses as you want to keep, you're SOL.

    And if your network grows, you have to go through all the red tape of justifying your request for another/larger block.

    The fact that you did the internet a service by surrendering a lot of unused addresses in the first place doesn't figure into thesedecisions.

    For anybody who has a legacy class-B (or even class-A) block, it just doesn't pay to go through all the work, only to find yourself screwed in six months when you find that your new allocation wasn't big enough.

  5. Re:A little curious. by PurpleFloyd · · Score: 4, Informative
    Classful routing terminology is still a useful form of shorthand. If you tell me that MIT has a Class A block, I know immediately that they have a network space the size of Asia, but if you tell me they've got an 8 bit block, I have to pause and think about it for a half second.

    As for Cisco teaching classful addressing, that's justifiable. If the terminology is still in use among network folk, Cisco isn't doing a good job if they certify people who don't know how to communicate with their peers. Also, I can tell you that the CCNA exam did have several CIDR questions on it. Certifying someone as a network tech means testing all the knowledge they should know to do their job well. Since classful routing is still in the wild, network techs should know how to deal with it.

    --

    That's it. I'm no longer part of Team Sanity.