IP Address Hijacking - hack of the future?

Quantum Quack · Nov 10, 2013

Since the launch of DNS routing systems on the net this issue of IP address hijacking seems to have come to the fore.

IP hijacking (sometimes referred to as BGP hijacking, prefix hijacking or route hijacking) is the illegitimate takeover of groups of IP addresses by corrupting Internet routing tables.

The Internet is a global network in enabling any connected host, identified by its unique IP address, to talk to any other, anywhere in the world. This is achieved by passing data from one router to another, repeatedly moving each packet closer to its destination, until it is safely delivered. To do this, each router must be regularly supplied with up-to-date routing tables. At the global level, individual IP addresses are grouped together into prefixes. These prefixes will be originated, or owned, by an autonomous system (AS) and the routing tables between ASes are maintained using the Border Gateway Protocol (BGP). A group of networks that operate under a single external routing policy is known as an autonomous system. For example Sprint, MCI and AT&T each are an AS. Each AS has its own unique AS identifier number. BGP is the standard routing protocol used to exchange information about IP routing between autonomous systems.

Each AS uses BGP to advertise prefixes that it can deliver traffic to. For example if the network prefix 192.0.2.0/24 is inside AS 64496, then that AS will advertise to its provider(s) and/or peer(s) that it can deliver any traffic destined for 192.0.2.0/24.

IP hijacking can occur deliberately or by accident in one of several ways:

An AS announces that it originates a prefix that it does not actually originate.
An AS announces a more specific prefix than what may be announced by the true originating AS.
An AS announces that it can route traffic to the hijacked AS through a shorter route than is already available, regardless of whether or not the route actually exists.

Common to these ways is their disruption of the normal routing of the network: packets end up being forwarded towards the wrong part of the network and then either enter an endless loop (and are discarded), or are found at the mercy of the offending AS.

wiki: http://en.wikipedia.org/wiki/IP_hijacking
Click to expand...

The reason why is that the DNS routing schemes hold all the information needed to hijack all the domains under their control. [if they so choose to do so in a way that is non-disclosing.]

Does any one know anything about this sort of "man in the middle" type security issue?

Any tools out there to verify IP address routing and to test for IP address diverting, for example?

From what I can read there is actually no way to protect properly against this sort of thing especially if the hack is deliberately "temporary" and sporadic.. forcing a loss of confidence in a particular domain or web site.

Log in or Sign up

IP Address Hijacking - hack of the future?

Quantum Quack Life's a tease... Valued Senior Member

Share This Page

Log in or Sign up

IP Address Hijacking - hack of the future?

Quantum Quack Life's a tease... Valued Senior Member

Share This Page

Useful Searches