
posted by janrinok on Monday July 13 2015, @09:08PM
from the it's-only-illegal-if-you-do-it dept.

From Ars: "Spyware service provider Hacking Team orchestrated the hijacking of IP addresses it didn't own to help Italian police regain control over several computers that were being monitored in an investigation"

http://arstechnica.com/security/2015/07/hacking-team-orchestrated-brazen-bgp-hack-to-hijack-ips-it-didnt-own/

Over a six-day period in August 2013, Italian Web host Aruba S.p.A. fraudulently announced its ownership of 256 IP addresses into the global routing system known as border gateway protocol, the messages document. Aruba's move came under the direction of Hacking Team and the Special Operations Group of the Italian National Military Police, which was using Hacking Team's Remote Control System malware to monitor the computers of unidentified targets. The hijacking came after the IP addresses became unreachable under its rightful owner Santrex, the "bullet-proof" Web hosting provider that catered to criminals and went out of business in October 2013, according to KrebsOnSecurity.

It's not clear from the e-mails, but they appear to suggest Hacking Team and the Italian police were also relying on Santrex. The emails were included in some 400 gigabytes of proprietary data taken during last weekend's breach of Hacking Team and then made public on the Internet.

With the sudden loss of the block of IP addresses, Italy's Special Operations Group was unable to communicate with several computers that were infected with the Hacking Team malware. The e-mails show Hacking Team support workers discussing how the law enforcement agency could regain control. Eventually, Italian police worked with Aruba to get the block—which was known as 46.166.163.0/24 in Internet routing parlance—announced in the BGP system as belonging to Aruba. It's the first known case of an ISP fraudulently announcing another provider's address space, said Doug Madory, director of Internet analysis at Dyn Research, which performs research on Internet performance.

Also covered by Brian Krebs:

http://krebsonsecurity.com/2015/07/hacking-team-used-spammer-tricks-to-resurrect-spy-network/



  • (Score: 2) by VLM (445) on Tuesday July 14 2015, @11:53AM (#208831)

    What happens when two providers claim to own the same IP addresses?

    If you do this intelligently then this is great, it's just multi-homing. Very reliable, good idea. If everyone is on the same page.

    Note that anybody speaking BGP and talking to other BGP speakers IS a provider. Even if they're a stereotypical end user (major business, whatever) with their own IP space and connections to five upstream ISPs. Let's say provider A is AS #1 and provider B is AS #2, the end user is AS #3 and advertises their space, and they have a connection with providers A and B and neither advertises ("claims to own") the space; it is the end user AS#3 which does the advertising.

    If you want a real troubleshooting headache you could have the upstream providers advertise the space themselves, but that's a great way to make a routing black hole if the connection between a provider and the end user drops and the provider doesn't stop advertising the route, all that traffic will get tossed.

    There is no global routing table; every router has a different view on reality. For a good time google "BGP looking glass": those are (usually web based) BGP speakers all over the net that, as a public service, let you look at the route to an address (and usually a bunch of other things). So ask a looking glass in Euroland for the AS path to "somewhere" and that path will look nothing like the AS path for a looking glass in Chicago, at least for the first couple hops anyway.

    When I was still in the business about a decade ago, if a BGP speaking customer wanted to start advertising new space we'd demand a simple one page signed letter of agency scanned, FAXed, or mailed to "us", then I'd adjust their prefix lists to allow the new space through (with BGP you can filter what you'll listen to from people in BGP announcements, which is completely distinct from filtering traffic, which often confuses the hell out of people because the router syntax is roughly similar). There were some customers of very long relationship I'd trust to fix the paperwork later, and others with, shall we say, the opposite relationship where I'd put extra effort into verification to figure out if they had any idea what they were doing because they were always Fing stuff up.

    Wrangling BGP sessions for customers was an interesting job, but there's only "X" positions to do it, and every year "X" declines because of consolidation and cost cutting and outsourcing, while Cisco graduates enough CCNP and above with qualifications to fill every single position... every year. So to say there's an oversupply of qualified workers to do the job would be a huge understatement. There are supposedly BGP jobs if you're willing to move to some hellhole where it takes $250K to not live under a bridge but they only offer $120K, and/or take $40K/yr to live in a civilized area, which I'm not interested in. So when that company sank, I went into dev work; at least there are some job openings for that everywhere, and usually at higher pay.

    I did all the Cisco cert stuff, long since expired, and they were pretty good at what they were. As a guy who did routing stuff all day, I took the routing test for CCNP (back when it was four tests: routing, switching, troubleshooting, and WAN) and didn't study anything but the legacy ISIS stuff, and it was pretty fair; it's not a paper cert. What was a little weird is that what I spent most of my brain cells spinning on at the job wasn't even remotely on the test. So you'll have a cert that accurately says you can program a router to speak BGP and "do things" but you'll be left with no idea what to do or why or how, outside strictly typing on a router. So I'd say the cert stuff only gets you maybe half way to understanding BGP.

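As an added example, not from the Ars story or from VLM's post, this is the kind of origin check that the prefix lists VLM describes (or a ROA-based validator) apply to incoming announcements: a route whose prefix sits inside a known allocation but is originated by an AS other than the recorded holder, which is what the 46.166.163.0/24 announcement described in the story looked like, is flagged as invalid. The authorised-prefix table, the AS numbers and the announcements are constructed placeholders, not the real holders or ASNs of any block named above.

```python
import ipaddress
from typing import List, Tuple

# Constructed expected-origin table: (prefix, max announced length, origin ASN).
# ASNs are from the private range and are placeholders, not Aruba's or Santrex's.
AUTHORISED: List[Tuple[str, int, int]] = [
    ("46.166.160.0/21", 24, 64500),  # placeholder for the rightful holder's allocation
    ("203.0.113.0/24", 24, 64501),
    ("198.51.100.0/24", 24, 64502),
]

# Constructed announcements as a looking glass or route collector would show them:
# (prefix, AS path); the last ASN on the path is the origin.
ANNOUNCEMENTS: List[Tuple[str, List[int]]] = [
    ("46.166.163.0/24", [64510, 64500]),         # expected origin: fine
    ("46.166.163.0/24", [64520, 64530, 65000]),  # same /24 from a foreign origin
    ("203.0.113.0/25", [64510, 64501]),          # right origin, but more specific than allowed
    ("198.51.100.0/24", [64510, 64502]),
    ("192.0.2.0/24", [64510, 64540]),            # nothing on file covers this space
]


def validate(prefix: str, origin: int, table=AUTHORISED) -> str:
    """ROA-style verdict for one announcement: 'valid', 'invalid' or 'unknown'."""
    net = ipaddress.ip_network(prefix)
    covering = []
    for p, max_len, asn in table:
        auth = ipaddress.ip_network(p)
        if auth.version == net.version and net.subnet_of(auth):
            covering.append((max_len, asn))
    if not covering:
        return "unknown"  # no record at all; a filter would normally just drop it
    # Valid only if some covering record names this origin AND permits this length.
    for max_len, asn in covering:
        if asn == origin and net.prefixlen <= max_len:
            return "valid"
    return "invalid"  # covered space, wrong origin or too-specific: hijack or leak


def audit(announcements=ANNOUNCEMENTS, table=AUTHORISED) -> List[Tuple[str, int, str]]:
    """Run every announcement through validate() and return (prefix, origin, verdict)."""
    return [(prefix, path[-1], validate(prefix, path[-1], table))
            for prefix, path in announcements]


if __name__ == "__main__":
    for prefix, origin, verdict in audit():
        print(f"{prefix:<18} origin AS{origin:<6} {verdict}")
```

A real filter would also consult RPKI/IRR data rather than a hand-written table, but the longest-match and max-length logic is the same.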