BGP hijacker booted off the Internet's backbone

Outfit called Bitcanal didn't just camp on addresses, it leased them to spammers

A year-long effort to stop an accused “bad actor” who hijacked border gateway protocol (BGP) routes has borne fruit, with giant Hurricane Electric and Portugal's IPTelecom joining in cutting off an organisation called Bitcanal.

Dyn detailed the process, which is nearing completion a year after German Internet exchange DE-CIX expelled Bitcanal from its exchanges.

The most recent effort, Dyn notes, was launched by security researcher Ronald Guilmette, who in June documented 39 “deliberately hijacked routes” announced via Hurricane Electric alone.

“According to the more complete and up-to-the-minute data that I just now fetched from RIPEstat, the real number of hijacked routes is more on the order of 130 separate hijacked routes for a total of 224,512 IPv4 addresses”, Guilmette wrote.

He also accused the company of “reselling their stolen IP space to spammers”.

In response to that post, Dyn noted, transit providers GTT Communications and Cogent disconnected Bitcanal – but the organisation was still able to announce routes through other providers.

The hijacks gave Bitcanal huge slabs of in-short-supply IPv4 addresses belonging to others, for example in its announcement of addresses owned by Beijing Jingdong 360 Degree E-commerce. The hijack of a /16 block temporarily puts the owner in control of around 64,000 addresses.

After disconnection by Cogent, Bitcanal moved to Belgium's BICS, was disconnected, moved to Germany's Meerfarbig, and was disconnected again.

The Hurricane Electric and IPTelecom disconnections leave Bitcanal “effectively cutoff from the global internet”, Dyn's post explained.

“Bitcanal’s IPv6 route (2a00:4c80::/29) was also withdrawn at 16:04 UTC today. According to Spamhaus, it was also the source of large amounts of spam email and is listed on their IPv6 Drop list.”

Dyn's Doug Madory concludes his post by asking for greater participation from IXPs to get bad actors off their networks. ®

 
