IP hijacking
From Wikipedia, the free encyclopedia
IP hijacking (sometimes referred to as "BGP hijacking" or "Prefix Hijacking") is the illegitimate take over of groups of IP addresses by corrupting Internet routing tables.
The Internet enables communication between two IP addresses anywhere in the world. This is achieved by passing data from one router to another, moving the packets closer to the destination, again and again until they are delivered. To do this, each router must be regularly supplied with up-to-date routing tables. At the global level, individual IP addresses are grouped together into prefixes. Each prefix is originated, or owned, by an autonomous system (AS), and the routing tables between ASes are maintained using the Border Gateway Protocol (BGP).
Each AS uses BGP to advertise (i.e., broadcast) the prefixes it can deliver traffic to. For example, if the network prefix 192.168.1.0/24 is inside AS 123, then that AS will advertise to its provider(s) and/or peer(s) that it can deliver any traffic destined for 192.168.1.0/24. (NOTE: 192.168.1.0/24 and AS number 123 are used as examples and do not reflect real prefixes or ASes.)
IP hijacking can occur on purpose or by accident when an AS does one of the following:
- Announces that it originates a prefix that it does not actually originate.
- Announces a more specific prefix than the one announced by the true originating AS.
- Announces that it can route traffic to the hijacked AS over a shorter path than the one already available, regardless of whether that path actually exists.
Typically ISPs will filter BGP traffic so that BGP advertisements from their downstream networks contain only valid IP space. However, a history of hijacking incidents shows that this is not always the case.
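The three announcement types listed above and the ISP-side filtering described in this paragraph can be illustrated with a small simulation. The following is an added example, not code from the article or from any router vendor: it models the two BGP selection rules that hijacks exploit (longest prefix match, then shortest AS path) and an origin-validation filter in the spirit of RPKI route origin authorisations. The ROA table, the legitimate AS path, the hijacker ASN 64512 (a private-use number) and the three hijack announcements are all constructed for the example; 192.168.1.0/24 and AS 123 are the article's own placeholder values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    """One BGP announcement as seen by a router: the prefix and the AS path
    (leftmost entry is the neighbour it was heard from, rightmost is the origin AS)."""
    prefix: ipaddress.IPv4Network
    as_path: tuple


def best_route(routes, dst):
    """Simplified BGP decision process: the longest matching prefix wins, and among
    equally specific prefixes the shortest AS path wins."""
    candidates = [r for r in routes if dst in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -len(r.as_path)))


# Constructed origin-authorisation table (hypothetical, in the spirit of RPKI ROAs):
# prefix -> (authorised origin AS, longest prefix length that origin may announce).
ROAS = {
    ipaddress.ip_network("192.168.1.0/24"): (123, 24),
}


def validate_origin(route, roas=ROAS):
    """Route origin validation outcome for one announcement: 'valid', 'invalid' or 'unknown'."""
    origin = route.as_path[-1]
    covering = [v for p, v in roas.items() if route.prefix.subnet_of(p)]
    if not covering:
        return "unknown"  # no ROA covers this prefix, so nothing can be concluded
    for asn, maxlen in covering:
        if asn == origin and route.prefix.prefixlen <= maxlen:
            return "valid"
    return "invalid"  # wrong origin AS, or more specific than the ROA permits


def accept(routes, roas=ROAS):
    """Ingress filter policy: drop announcements that origin validation marks invalid."""
    return [r for r in routes if validate_origin(r, roas) != "invalid"]


# Legitimate announcement (constructed): learned from neighbour AS 200, via AS 300 and
# AS 350, originated by AS 123.
LEGIT = Route(ipaddress.ip_network("192.168.1.0/24"), (200, 300, 350, 123))

# Three constructed hijack announcements, one per type listed in the article.
BOGUS_ORIGIN = Route(ipaddress.ip_network("192.168.1.0/24"), (200, 64512))
MORE_SPECIFIC = Route(ipaddress.ip_network("192.168.1.0/25"), (200, 300, 400, 64512))
FORGED_PATH = Route(ipaddress.ip_network("192.168.1.0/24"), (200, 64512, 123))


def chosen_path(hijack, filtered, dst="192.168.1.10"):
    """AS path along which traffic for dst is forwarded when the legitimate route and
    one hijack announcement are both present, with or without the origin filter."""
    table = [LEGIT, hijack]
    if filtered:
        table = accept(table)
    best = best_route(table, ipaddress.ip_address(dst))
    return best.as_path if best else None


if __name__ == "__main__":
    cases = [("bogus origin", BOGUS_ORIGIN),
             ("more specific", MORE_SPECIFIC),
             ("forged path", FORGED_PATH)]
    for name, h in cases:
        print(f"{name:14} unfiltered -> {chosen_path(h, False)}"
              f"   filtered -> {chosen_path(h, True)}")
```

Running it shows the two outcomes a defender should expect: the bogus-origin and more-specific announcements win the selection process when unfiltered but are rejected by origin validation, whereas the forged-path announcement, which keeps AS 123 as its origin, passes origin validation and still diverts traffic through AS 64512. Origin filtering therefore addresses the first two hijack types but not the third, which is why path validation and prefix filtering of downstream networks matter as well.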
IP hijacking is sometimes used by malicious users to obtain IP addresses for use with spamming or a distributed denial-of-service (DDoS) attack.
Public Incidents
- April 1997: Earliest notable incident?
- Dec 24, 2004: TTNet in Turkey hijacks the Internet
- Jan 22, 2006: Con-Edison hijacks big chunk of the Internet
- February 24, 2008: Pakistan's attempt to block YouTube access within their country takes down YouTube entirely.