Donate
More Fraudulent Routing = More Need for MANRS Thumbnail
‹ Back
Building Trust 22 March 2016

More Fraudulent Routing = More Need for MANRS

Andrei Robachevsky
By Andrei RobachevskySenior Technology Programme Manager

Last week Doug Madory from Dyn Research presented a new set of examples of fraudulent routing, this time coming out of the Ukraine. Most of them are cases of address squatting, when a network announces an arguably unused space to do bad things like spam or malware.

They often do this (a) to hide and redirect attribution for these bad things if they are discovered, and (b) to avoid being banned by various blacklists. Like parasites, they hijack someone else’s address space, exploit it for awhile, and then move on.

Doug has observed two concerning trends. First, criminals’ assumptions are not always correct about how “unused” the address space is. A seemingly unused space can be used once in awhile, like the APRICOT network that is only used about four weeks a year. But when this usage clashes with a hijacking the impact can be severe, leading to a massive denial of service on the network.

A second trend is that criminals are getting better at hiding. Not only announcing others’ space, but also forging the AS path – a BGP attribute showing networks that routing information passed through to get to a specified router. This forged path shows the correct origin for the announced address space, so it is hard to detect and hard to filter out.

The good news is that incidents like this can be spotted and prevented if more networks begin watching more carefully what their customers are announcing. And the more networks do that, the fewer opportunities there are for criminals to exploit the global routing system, undermining its stability and security.

The MANRS actions are aimed exactly at that. MANRS defines a new industry norm for routing security that will to a great extent prevent incidents like this and improve confidence in the routing system of the Internet.

Are you a network operator already implementing the MANRS actions? Sign up today to show your support for MANRS! Interested in learning more? Read the full MANRS document and its expected actions, or contact us with any questions.

[Editor’s Note: This post originally appeared on the MANRS Blog at https://www.routingmanifesto.org/2016/03/more-fraudulent-routing-more-need-for-manrs/.]

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Why Network Operators Need to be Concerned - And How MANRS Can Help
Why Network Operators Need to be Concerned - And How MANRS Can Help
Building Trust4 February 2015

Why Network Operators Need to be Concerned – And How MANRS Can Help

Abusing the vulnerabilities of the routing system for various types of malicious activities – like sending spam or spreading malware...

Why Routing Security Matters, and IXPs Play a Role
Why Routing Security Matters, and IXPs Play a Role
Improving Technical Security24 July 2015

Why Routing Security Matters, and IXPs Play a Role

Routing incidents happen all the time, but for an individual average network operator they seem somewhat infrequent. When these routing...

Routing, and Water, Are All about Trust: Introducing "Routing Security for Policymakers"
Routing, and Water, Are All about Trust: Introducing
Mutually Agreed Norms for Routing Security (MANRS)24 October 2018

Routing, and Water, Are All about Trust: Introducing “Routing Security for Policymakers”

Introducing the new Internet Society white paper, "Routing Security for Policymakers" The global routing system is a lot like a...

Join the conversation with Internet Society members around the world