Hi Anatole, I agree that hijacking is a problem. The IETF SIDR working group has been developing extensions to BGP to help deal with it [1]. However, it's not clear to me how Atlas could help measure hijacking. Atlas is an active measurement network. What sort of probes would detect a hijack? I wonder if analyzing some of RIPE's passive data sets might be a better approach. Best, --Richard On Apr 17, 2013, at 10:01 AM, Anatole Shaw <ripemat@omni.poc.net> wrote:
Currently I work with Greenhost, which is a RIPE LIR that was recently the recipient of a malicious route advertisement, as described here:
https://greenhost.nl/2013/03/21/spam-not-spam-tracking-hijacked-spamhaus-ip/
IP address hijacking is a real problem. How often does it happen? Which networks are being spoofed, and which networks are the victims? My sense is that we don't have solid up-to-date answers to these questions.
I have some thoughts about how to detect successful IP hijacking, using empirical measurements taken from multiple network vantagepoints. I'll hold off on details for now, but I'm aware that the answer is *not* simple analysis of AS paths or traceroute output, both of which are increasingly spoofed.
It seems like the RIPE Atlas probe network would be an ideal platform for this type of study. Does such a study already exist? How does one begin to propose a RIPE Atlas project?
Regards,
Anatole Shaw