[Dshield] IP Spoofing question

Tony Earnshaw tonye at billy.demon.nl
Fri Feb 20 17:09:17 GMT 2004

Fri, 20.02.2004 at 16:20, Stephane Grobety wrote:

> Now, one thing you should know: some larger spam gangs actually
> "hijack" IP ranges that they don't own. This is done by having a
> border router advertise the said range to neighbors via BGP (Border
> Gateway Protocol): a protocol used to dynamically create routing
> tables between carriers. The spammers just inject the new range in the
> normal BGP flow, use it for a while and then cut it before anyone can
> really notice. And what you end up with is spam coming from
> apparently non-routed IP addresses and a range that hasn't been
> attributed to anyone.

Here I stand corrected; it's easy to see how, but I didn't know that
this hijacking happens. Thanks :)
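
A detection-side sketch of the pattern described in the quoted text (a range announced via BGP, used briefly, then withdrawn), added here as an example and not part of the original post. The simplified update records, the ALLOCATED list and the function names are assumptions; the prefixes are documentation ranges and the ASNs are private-use numbers, all constructed.

```python
import ipaddress
from datetime import datetime

# Constructed sample data, not real routing data.
# ALLOCATED stands in for a registry export of ranges assigned to someone.
ALLOCATED = [ipaddress.ip_network("192.0.2.0/24")]
UPDATES = [
    # (timestamp, "A" announce / "W" withdraw, prefix, origin ASN or None)
    ("2004-02-20T10:00:00", "A", "198.51.100.0/24", 64512),
    ("2004-02-20T10:05:00", "A", "192.0.2.0/24", 64513),
    ("2004-02-20T13:30:00", "W", "198.51.100.0/24", None),
    ("2004-02-20T14:00:00", "A", "203.0.113.0/24", 64514),
]

def is_allocated(net, allocated):
    """True if the announced prefix sits inside any assigned range."""
    return any(net.subnet_of(a) for a in allocated)

def find_suspect_announcements(updates, allocated, max_lifetime_s=6 * 3600):
    """Return (short_lived, still_open) for prefixes nobody was assigned.

    short_lived: (prefix, origin ASN, lifetime in seconds) for announcements
                 withdrawn again within max_lifetime_s.
    still_open:  (prefix, origin ASN) for announcements not yet withdrawn.
    """
    active = {}        # prefix -> (first announce time, origin ASN)
    short_lived = []
    for ts, kind, prefix, asn in sorted(updates, key=lambda u: u[0]):
        when = datetime.fromisoformat(ts)
        net = ipaddress.ip_network(prefix)
        if kind == "A":
            active.setdefault(net, (when, asn))
        elif kind == "W" and net in active:
            start, origin = active.pop(net)
            lifetime = int((when - start).total_seconds())
            if lifetime <= max_lifetime_s and not is_allocated(net, allocated):
                short_lived.append((str(net), origin, lifetime))
    still_open = [(str(n), o) for n, (_, o) in active.items()
                  if not is_allocated(n, allocated)]
    return short_lived, still_open

if __name__ == "__main__":
    short, still_open = find_suspect_announcements(UPDATES, ALLOCATED)
    for prefix, asn, secs in short:
        print(f"short-lived unallocated: {prefix} from AS{asn}, up {secs}s")
    for prefix, asn in still_open:
        print(f"unallocated, still announced: {prefix} from AS{asn}")
```
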



