Home page logo

nanog logo nanog mailing list archives

Regarding smaller prefix for hijack protection
From: Anurag Bhatia <me () anuragbhatia com>
Date: Thu, 30 Aug 2012 04:54:16 -0700

Hello everyone!

I tried looking on net but couldn't found direct answer, so thought to ask
here for some advise.

Is using /24 a must to protect (a bit) against route hijacking? We all
remember case of YouTube 2008 and hijacking in Pakistan. At that time
YouTube was using /22 and thus /24 (more specific) announcement took almost
all of Google's traffic even when AS path was long. So Google's direct also
likely sent packets to Pakistan. Later Google too used /24 (and I guess /25
too to effect some region of internet). Similar case I remember for issue
reported between Altus and hijacking by someone connected to Cleaveland
exchange when ISP was using /23 and spammer used /24.

So can we conclude that one should always use /24 to make sure that they
loose as little as possible traffic during prefix hijacking?

Also, if one uses /22 and /24 - will both prefixes will show in Global
routing table? I know /24 will be prefered but will ISP see /22 as well or
it will pop up only when /24 is filtered?

For one of IP's of Google.com, it seems it is coming from /16 and /24


How can one print similar result from a route server like say Oregon route
views or any ISP's server? I always /24 when looking for that IP. (in
simple words - how bgp.he.net does this magic of popping both prefixes? I
failed to do get same result from HE's route server)



Anurag Bhatia

Linkedin <http://in.linkedin.com/in/anuragbhatia21> |
Google+ <https://plus.google.com/118280168625121532854>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]