Before you consider DNS blocking, first, do no harm
Criminals Need IP Addresses

Internet Address Hijacking, Spoofing and Squatting Attacks

Some of the prominent Internet routing attacks are not attacks against the routing system at all. The purpose of this set of attacks is not to disrupt the routing system itself but to (i) use the routing system to make addresses that criminals use for spam or other malicious activities known and reachable and thus (ii) allow malicious traffic to originate from these addresses and be delivered to recipients across the Internet.

This series of blog articles explores attacks that exploit the Internet’s routing system in this manner. In particular, I’ll consider attacks that exploit the Border Gateway Protocol (RFC 1771), a routing protocol that is used to exchange network reachability information among autonomous systems (AS), defined as one or more IP networks that operate under a single routing policy.

This series describes the motives for such attacks, classifies the attacks based on certain distinguishing characteristics, and suggests measures that can be taken to mitigate attacks of these kinds. Since the objective of this paper is to describe how and why attackers target specific addressing resources, the paper does not describe how attacks are executed in detail but instead treats them all as insertion attacks.

2 3 4 5 6 7 8 9 10 11   PDF 


Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.