• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
MANRS

MANRS

Mutually Agreed Norms for Routing Security

  • Home
  • About
    • About MANRS
    • History
    • Partners
    • Advisory Group
      • Description and Role
      • Members
    • Testimonials
    • Contact Us
  • Programmes
    • Network Operators
      • Network Operators Programme and Actions
      • Implementation Guide
      • Participants
      • Join MANRS
    • IXPs
      • IXP Programme and Actions
      • Participants
      • Join IXP Programme
    • CDN and Cloud Providers
      • CDN and Cloud Providers Programme and Actions
      • Participants
      • Join the Programme
  • MANRS Ambassadors
  • Resources
    • All Resources
      • Implementation Guide
      • Papers
    • Training
      • Workshops
      • Tutorials
    • Promote MANRS
  • Observatory
  • Blog
  • Join

More Fraudulent Routing = More Need for MANRS

March 22, 2016 by Andrei Robachevsky Leave a Comment

MANRS Logo 150x150Last week Doug Madory from Dyn Research presented a new set of examples of fraudulent routing, this time coming out of the Ukraine. Most of them are cases of address squatting, when a network announces an arguably unused space to do bad things like spam or malware.

They often do this (a) to hide and redirect attribution for these bad things if they are discovered, and (b) to avoid being banned by various blacklists. Like parasites, they hijack someone else’s address space, exploit it for awhile, and then move on.

Doug has observed two concerning trends. First, criminals’ assumptions are not always correct about how “unused” the address space is. A seemingly unused space can be used once in awhile, like the APRICOT network that is only used about four weeks a year. But when this usage clashes with a hijacking the impact can be severe, leading to a massive denial of service on the network.

A second trend is that criminals are getting better at hiding. Not only announcing others’ space, but also forging the AS path – a BGP attribute showing networks that routing information passed through to get to a specified router. This forged path shows the correct origin for the announced address space, so it is hard to detect and hard to filter out.

The good news is that incidents like this can be spotted and prevented if more networks begin watching more carefully what their customers are announcing. And the more networks do that, the fewer opportunities there are for criminals to exploit the global routing system, undermining its stability and security.

The MANRS actions are aimed exactly at that. MANRS defines a new industry norm for routing security that will to a great extent prevent incidents like this and improve confidence in the routing system of the Internet.

Are you a network operator already implementing the MANRS actions? Sign up today to show your support for MANRS! Interested in learning more? Read the full MANRS document and its expected actions, or contact us with any questions.

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • More
  • Email
  • Print
  • Reddit
  • Tumblr

Category iconNews and Announcements,  Routing Security Incidents Tag iconDyn Research

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Recent Posts

  • IXP peering platform: an environment to take care of
  • Partnering with NSRC on MANRS & Routing Security Training
  • Partnering with Global Cyber Alliance on Open Standards, Routing Security, and More
  • Working with CSIRTs to improve routing security
  • MANRS Welcomes 500th Network Operator
MANRS logo
Join MANRS
  • Sharing Our Content
  • Terms of Use
  • Privacy Policy
  • Contact
Follow us: Follow MANRS on Twitter Follow MANRS on Facebook Follow MANRS on YouTube

MANRS Document © 2016–2021

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.