[AusNOG] FYI : Attackers are accessing routers running on the border gateway protocol (BGP) and injecting additional hops

Dobbins, Roland rdobbins at arbor.net
Sun Nov 24 20:03:36 EST 2013


On Nov 24, 2013, at 3:47 PM, Joshua D'Alton <joshua at railgun.com.au> wrote:

> Roland, I'd be interested to know if Arbor has seen 'DDoS' via BGP 'hacks' like this, certainly it is quite easy to divert hundreds of Gbit of traffic, perhaps... :)

Yes, we've seen deliberate hijacking for DDoS, as well as spammers hijacking netblocks for brief periods of time to send spam bursts sourced from the netblocks in question.  Doing so for DDoS purposes is quite infrequent, but doing so for spamming purposes is fairly routine, and in many cases goes unnoticed (until the netblocks in question are blacklisted by the various anti-spam organizations, heh).

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton



More information about the AusNOG mailing list