There are two things at play here: attacker has to have access to one ISP to inj... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

dfox on Aug 8, 2014 | parent | context | favorite | on: Hacker Redirects Traffic From 19 Internet Provider...

There are two things at play here: attacker has to have access to one ISP to inject the route (eg. rogue employee) and there has to be another ISP that accepts such route from BGP (I would say that filtering weirdly specific routes is good and common practice). When you have access to ISP network you don't have to inject things into BGP to attack your own customers.

devicenull on Aug 8, 2014 [–]

A /24 is not a 'weirdly specific route'. I agree, that the upstream should have been filtering things, but you can't expect them to just filter out all the /24's.

For example, Google DNS anycast would stop working: http://bgp.he.net/net/8.8.8.0/24 as would basically anyone else doing anycast.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact