GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Revealed: The Internet's Biggest Security Hole

rowan · 08-27-2008, 07:58 PM

This sounds like something more sophisticated, but with BGP it's quite easy to cause mischief, either intentionally or accidentally, because routes are not verified to have come from a trusted source (ie: the company that owns them). If your upstreams do not have the appropriate filters in place then you can pretty much broadcast any IP range you like.

Earlier this year a Pakistani ISP advertised/leaked Youtube's routes as if it were its own IP range, which resulted in a shitload of traffic that was supposed to go to Youtube heading in through their own link. The intent was to blackhole (censor) youtube for its customers, but the route was advertised to the big bad internet.

08-27-2008, 07:58 PM
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	This sounds like something more sophisticated, but with BGP it's quite easy to cause mischief, either intentionally or accidentally, because routes are not verified to have come from a trusted source (ie: the company that owns them). If your upstreams do not have the appropriate filters in place then you can pretty much broadcast any IP range you like. Earlier this year a Pakistani ISP advertised/leaked Youtube's routes as if it were its own IP range, which resulted in a shitload of traffic that was supposed to go to Youtube heading in through their own link. The intent was to blackhole (censor) youtube for its customers, but the route was advertised to the big bad internet.