The "fix".
Our data center had to announce our IPs as a /24 to override their announcement, since BGP prefers the most specific prefix covering a destination.
So how is this possible?
(An excellent question from a longtime client of ours that prompted me to do more research about it.)
It is possible because BGP itself carries no authentication and no proof that the announcing network owns the prefix: a router accepts whatever its neighbours announce, and the most specific prefix for a destination wins. Verification is left to the upstream providers (Level3, Cogent, HE, nLayer, Verizon, Comcast, etc.), and some of them accept any route from a paying customer without manual intervention (Cogent lets any data center that pays for a commit announce any IP via a web interface, while Level3 requires a phone call or an e-mail/ticket along with a Letter of Authority from the IP owner).
Unfortunately, short of every upstream filtering its customers' announcements (against a Letter of Authority, IRR data or RPKI origin validation), there is no way for the IP owner to prevent this, which is why BGP monitoring services are popular, even though they only send an e-mail after the damage is done and the bogus route is already in the global table. Hopefully announcing the smaller /24 blocks will limit future hijacks: a /24 is the smallest prefix most networks accept, so a hijacker can no longer announce something more specific than our own route and take the traffic outright.
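To make the two points above concrete (the most specific prefix wins, and a monitor can only report an announcement that is already propagating), here is an added Python example; it is not code from the original post or from Secure Dragon. The prefixes, the AS numbers (documentation ASNs 64500 and 64511) and the `Route`, `best_route` and `find_hijacks` names are all constructed for this example, and the route selection models only prefix length, not BGP's other tie-breakers.

```python
"""Model of why a more-specific BGP announcement overrides a hijack, plus the
origin check a BGP monitoring service runs over collected routing data.
All prefixes and AS numbers below are constructed for this example."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str       # announced prefix, e.g. "203.0.113.0/24"
    origin_asn: int   # AS that originated the announcement (rightmost in AS_PATH)


def best_route(routes, dest):
    """Longest-prefix match: of all routes covering dest, the most specific
    prefix is used. Ties between equal-length prefixes are decided by BGP's
    other tie-breakers (local preference, AS path length, ...), which this
    model does not implement; the first such route is returned."""
    addr = ipaddress.ip_address(dest)
    covering = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    if not covering:
        return None
    return max(covering, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)


def find_hijacks(observed, authorised):
    """Flag announcements inside a monitored block whose origin AS is not on
    the authorised list. `authorised` maps a prefix to the set of ASNs allowed
    to originate it or anything inside it (what a Letter of Authority or an
    RPKI ROA would state). A monitor can only run this over routes it has
    already seen, so it detects a hijack rather than preventing it."""
    alerts = []
    for obs in observed:
        net = ipaddress.ip_network(obs.prefix)
        for block, asns in authorised.items():
            if net.subnet_of(ipaddress.ip_network(block)) and obs.origin_asn not in asns:
                alerts.append(obs)
    return alerts


VICTIM_ASN = 64500     # documentation ASN (RFC 5398), stands for the IP owner
HIJACKER_ASN = 64511   # documentation ASN, stands for the hijacking network

# Constructed scenario: the owner normally announces one aggregate.
BASELINE = [Route("203.0.112.0/22", VICTIM_ASN)]
# The hijacker announces a more specific prefix inside that aggregate.
HIJACK = Route("203.0.112.0/23", HIJACKER_ASN)
# The fix: the owner's data center announces the affected /24 explicitly.
FIX = Route("203.0.113.0/24", VICTIM_ASN)
# Unrelated announcement, to show the monitor ignores prefixes outside its scope.
UNRELATED = Route("198.51.100.0/24", HIJACKER_ASN)
AUTHORISED = {"203.0.112.0/22": {VICTIM_ASN}}
VICTIM_HOST = "203.0.113.10"   # a host inside the hijacked space


def main():
    for label, table in (("normal", BASELINE),
                         ("hijacked", BASELINE + [HIJACK]),
                         ("after /24 fix", BASELINE + [HIJACK, FIX])):
        r = best_route(table, VICTIM_HOST)
        print(f"{label:14s} traffic to {VICTIM_HOST} follows {r.prefix} via AS{r.origin_asn}")
    for bad in find_hijacks(BASELINE + [HIJACK, FIX, UNRELATED], AUTHORISED):
        print(f"ALERT: {bad.prefix} originated by unauthorised AS{bad.origin_asn}")


if __name__ == "__main__":
    main()
```

The /24 wins here because it is more specific than the hijacker's /23; if the hijacker had also announced a /24, prefix length alone would no longer decide and the outcome would depend on each network's path preferences, which is exactly why announcing at the /24 floor limits, but does not eliminate, the exposure.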
-The Secure Dragon Staff
Friday, May 31, 2013