IP hijacking
From Wikipedia, the free encyclopedia
IP hijacking (sometimes referred to as "BGP hijacking") is the illegitimate taking over of groups of IP addresses by corrupting Internet routing tables.
The Internet enables communication between one IP address and another, anywhere in the world and beyond. This is achieved by passing data from one server to another server, closer to the destination, again and again until it is safely delivered. To do this, each server must be regularly supplied with up-to-date routing tables. At the global level, individual IP addresses are grouped together into autonomous systems (AS) and the routing tables between them are maintained using the Border Gateway Protocol (BGP).
A group of networks that operate under a single external routing policy is known as an autonomous system. For example, Sprint, MCI and AT&T are probably each an AS (possibly more than one, if they have different groups of networks). Each AS has its own unique AS identifier number. BGP is the standard routing protocol used to exchange information about IP routing between autonomous systems.
Each AS uses BGP to advertise (i.e., broadcast) IP networks that it can deliver traffic to. For example, if the network 192.168.1.0/24 is inside AS 123, then that AS will advertise to other providers that it can deliver any traffic destined for 192.168.1.0/24 (obviously this is not a real externally routed network).
IP hijacking can occur on purpose or by accident if an AS advertises a network that it is not actually authorized to use. If AS 123 advertises a network that really resides in AS 456, then it is possible for traffic to be diverted.
Typically ISPs will filter BGP traffic so that BGP advertisements from their downstream networks contain only valid IP space.
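The downstream filtering described above can be sketched as follows. This is an added example, not part of the original article: the AUTHORIZED table, the maximum prefix lengths, the function names and the sample advertisements are constructed for illustration, reusing the article's AS 123 and AS 456.

```python
import ipaddress

# Constructed registry: prefixes each downstream AS may originate, with the
# longest prefix length the provider accepts (hypothetical policy).
AUTHORIZED = {
    123: [(ipaddress.ip_network("192.168.1.0/24"), 24)],
    456: [(ipaddress.ip_network("198.51.100.0/24"), 24)],
}

def check_advertisement(neighbor_as, prefix, authorized=AUTHORIZED):
    """Return (accepted, reason) for one advertisement from a downstream AS."""
    try:
        # strict=True rejects prefixes with host bits set, e.g. 198.51.100.1/24
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    for allowed, max_len in authorized.get(neighbor_as, []):
        if net.version != allowed.version:
            continue  # never compare IPv4 against IPv6
        if net.subnet_of(allowed):
            # Covered by an authorized block, but more-specifics beyond the
            # agreed length are refused, since they would win route selection.
            if net.prefixlen > max_len:
                return False, "more specific than allowed"
            return True, "authorized"
    return False, "prefix not authorized for this AS"

def filter_advertisements(adverts, authorized=AUTHORIZED):
    """Split (neighbor_as, prefix) pairs into accepted and rejected lists."""
    accepted, rejected = [], []
    for neighbor_as, prefix in adverts:
        ok, reason = check_advertisement(neighbor_as, prefix, authorized)
        (accepted if ok else rejected).append((neighbor_as, prefix, reason))
    return accepted, rejected

# Constructed sample advertisements received from downstream networks.
SAMPLE = [
    (123, "192.168.1.0/24"),     # AS 123 announcing its own network
    (123, "198.51.100.0/24"),    # AS 123 announcing a network that resides in AS 456
    (456, "198.51.100.128/25"),  # more specific than the agreed length
    (789, "203.0.113.0/24"),     # AS with no registered prefixes
]

if __name__ == "__main__":
    accepted, rejected = filter_advertisements(SAMPLE)
    for entry in accepted:
        print("ACCEPT", entry)
    for entry in rejected:
        print("REJECT", entry)
```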
IP hijacking is sometimes used by malicious users to obtain IP addresses for use with spamming or a distributed denial-of-service (DDoS) attack.