This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/mat-wg@ripe.net/
[mat-wg] Measuring IP address hijacking with RIPE Atlas?
- Previous message (by thread): [mat-wg] Measuring IP address hijacking with RIPE Atlas?
- Next message (by thread): [mat-wg] Measuring IP address hijacking with RIPE Atlas?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Anatole Shaw
ripemat at omni.poc.net
Wed Apr 17 18:51:46 CEST 2013
On Wed, Apr 17, 2013 at 11:24:42AM -0400, Richard Barnes wrote: > However, it's not clear to me how Atlas could help measure hijacking. Atlas is an active measurement network. What sort of probes would detect a hijack? If you look at the behavior of a service on a remote host from the vantagepoint of network A, and that behavior is especially distinct from how it appears from network B, then you can infer that it's not the same remote host. Aside from the possibility that it's an anycast address reaching differently-configured hosts, this would serve as an indicator of a hijack. More or less an automated version of what we did at Greenhost to unravel the hijacked Spamhaus name server case. When I talk about "behavior" I'm including everything under the umbrella of OS fingerprinting, network service fingerprinting, etc. And I think there are plenty more possibilities besides. > I wonder if analyzing some of RIPE's passive data sets might be a better approach. Likely also a valuable approach. Regards, Anatole
- Previous message (by thread): [mat-wg] Measuring IP address hijacking with RIPE Atlas?
- Next message (by thread): [mat-wg] Measuring IP address hijacking with RIPE Atlas?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ mat-wg Archives ]