SlideShare a Scribd company logo

IPv4 Hijacking: Our Experience

RIPE NCC
RIPE NCC

Presentation given by Ivo Dijkhuis and Mirjam Kuehne at TERENA TF-CSIRT 43 Meeting, Rome, Italy on 18 September 2014

Technology
1 of 14
Download to read offline
IPv4 Hijacking: Our Experience Mirjam Kühne, Ivo Dijkhuis TF-CSIRT 43 | Rome - Italy | 18 September 2014
Overview • Introduction to the RIPE NCC • Our definition of hijacking • Common approaches we observe • Investigations and interventions • Common difficulties and typical responses • What you can do Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 2
Introduction to the RIPE NCC • Not-for-profit, independent membership association • Neutral and impartial • Established in Amsterdam in 1992 • Provides open community platform • Over 10,000 members in 76 countries • Bottom-up industry self regulation Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 3
RIPE NCC Activities • Distribute IP addresses and AS numbers • Support policy development in the RIPE NCC service region (Europe, Middle East, parts of central Asia) • Maintain RIPE registry (RIPE whois Database) • Resource certification (RPKI) • Training Courses • Tools and measurements - RIPE Atlas, RIPEstat Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 4
Our Definition of Hijacking ! “Taking control of issued Internet number resources under false pretences” ! • IPv4 addresses get re-registered to hijackers or another (innocent) organisation • IPv4 addresses have economic value due to IPv4 scarcity Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 5
Background Information • 12 September 2012: the RIPE NCC starts allocating from the last /8 • The RIPE NCC sees an increase in hijackings of apparently unused and/or abandoned addresses • Hijacks found so far • 227 cases investigated, 19 hijacks found, 6 ongoing • Often cases get resolved before they turn into hijack • Most hijacking cases involve organisations we don’t have a business relationship with (PI, legacy) Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 6
When Do We Investigate? • A resource holder sends us a complaint or abuse report • An experienced staff member notices something out of the ordinary • Follow-up from existing investigations: one case often leads to another Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 7
Common Approaches Hijackers Use • Research company histories and provide paper trails to demonstrate changes in business structure • Conduct BGP test announcements to check if addresses are unused • Re-register expired domain names to make email change requests look legitimate • Copy websites, with identical pages hosted on (almost) identical domain names Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 8
Common Approaches Hijackers Use • Forged documentation • Faked IDs • Faked company registration papers • Forged signatures of real people on contracts • Forged stamps and signatures of notaries and resource holders Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 9
How Do We Investigate? • We check changes in company structure • Public records • National chamber of commerce registries • We contact former and current resource holders (where possible) • Contact notaries found on documentation • Phone calls, emails and faxes • Using other contact information beyond what was provided Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 10
What Do We Do? • Allowing time to support claim to the address space • Reverting all changes immediately • Resources are de-registered if no legitimate holder found • Where member involvement in the hijacking case can be proven • Closure of member account and de-registration of IP resources • Reporting to authorities where appropriate Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 11
Common Difficulties • The resource holder expects immediate action while we need to investigate carefully • It can be difficult to find and contact the resource holder in question • No effective penalty and lots to gain for the hijacker: • They can open a new RIPE NCC member account • No high costs involved • No blacklists, no fine Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 12
What You Can Do • Protect your resources against hijacking by making sure your RIPE Database objects and contact information are up to date • If acquiring resources, ensure you are in contact with the legitimate holder or representative • If you need help, or think your resources may have been hijacked, contact: reg-review@ripe.net ! ! https://www.ripe.net/lir-services/resource-management/address-hijacking-in-the-ripe-ncc-service-region ! Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 13
Questions? Section Title Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 14

Recommended

Haagse Hogeschool 2012-09-13
Haagse Hogeschool 2012-09-13Haagse Hogeschool 2012-09-13
Haagse Hogeschool 2012-09-13maartenmarx
 
RIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC
 
140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikov140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikovRIPE NCC
 
Policy Making: A Powerful Tool
Policy Making: A Powerful ToolPolicy Making: A Powerful Tool
Policy Making: A Powerful ToolRIPE NCC
 
RPKI Certification Tutorial
RPKI Certification TutorialRPKI Certification Tutorial
RPKI Certification TutorialRIPE NCC
 
"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6RIPE NCC
 
Are Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasAre Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasRIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE AtlasRIPE NCC
 

Recommended

Haagse Hogeschool 2012-09-13
Haagse Hogeschool 2012-09-13Haagse Hogeschool 2012-09-13
Haagse Hogeschool 2012-09-13maartenmarx
 
RIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC
 
140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikov140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikovRIPE NCC
 
Policy Making: A Powerful Tool
Policy Making: A Powerful ToolPolicy Making: A Powerful Tool
Policy Making: A Powerful ToolRIPE NCC
 
RPKI Certification Tutorial
RPKI Certification TutorialRPKI Certification Tutorial
RPKI Certification TutorialRIPE NCC
 
"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6RIPE NCC
 
Are Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasAre Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasRIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE AtlasRIPE NCC
 
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Knobbe Martens - Intellectual Property Law
 
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...UKSG: connecting the knowledge community
 
IP Address Certification (RPKI)
IP Address Certification (RPKI)IP Address Certification (RPKI)
IP Address Certification (RPKI)RIPE NCC
 
Electronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic ExaminersElectronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic ExaminersBoyarMiller
 
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Knobbe Martens - Intellectual Property Law
 
Daniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdfDaniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdfAlejandro Daricz
 
Surviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandSurviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandThorntongroup
 
The Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. DayThe Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. DayRob Robinson
 
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...Quarles & Brady
 
Big Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should KnowBig Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should KnowData Con LA
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic pptOnkar1431
 
Setting up an IP Framework for an organization
Setting up an IP Framework for an organizationSetting up an IP Framework for an organization
Setting up an IP Framework for an organizationRaghuveer Subodha
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
OpenLI
OpenLIOpenLI
OpenLIAPNIC
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPRMyComplianceOffice
 
How To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual PropertyHow To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual PropertySecureDocs
 
ch01.ppt
ch01.pptch01.ppt
ch01.pptssuser32ab97
 
Preparing Your Medical Device NewCo For IP Due Diligence
Preparing Your Medical Device NewCo For IP Due DiligencePreparing Your Medical Device NewCo For IP Due Diligence
Preparing Your Medical Device NewCo For IP Due DiligenceKnobbe Martens - Intellectual Property Law
 
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ... eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...Aurélie Pols
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Asad Zaman
 
Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryRIPE NCC
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionRIPE NCC
 

More Related Content

Similar to IPv4 Hijacking: Our Experience

Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Knobbe Martens - Intellectual Property Law
 
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...UKSG: connecting the knowledge community
 
IP Address Certification (RPKI)
IP Address Certification (RPKI)IP Address Certification (RPKI)
IP Address Certification (RPKI)RIPE NCC
 
Electronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic ExaminersElectronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic ExaminersBoyarMiller
 
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Knobbe Martens - Intellectual Property Law
 
Surviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandSurviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandThorntongroup
 
The Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. DayThe Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. DayRob Robinson
 
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...Quarles & Brady
 
Big Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should KnowBig Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should KnowData Con LA
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic pptOnkar1431
 
Setting up an IP Framework for an organization
Setting up an IP Framework for an organizationSetting up an IP Framework for an organization
Setting up an IP Framework for an organizationRaghuveer Subodha
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
OpenLI
OpenLIOpenLI
OpenLIAPNIC
 
How To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual PropertyHow To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual PropertySecureDocs
 
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ... eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...Aurélie Pols
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Asad Zaman
 

Similar to IPv4 Hijacking: Our Experience (20)

Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
 
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
 
IP Address Certification (RPKI)
IP Address Certification (RPKI)IP Address Certification (RPKI)
IP Address Certification (RPKI)
 
Electronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic ExaminersElectronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic Examiners
 
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
 
Daniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdfDaniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdf
 
Surviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandSurviving an ODPC Audit - Ireland
Surviving an ODPC Audit - Ireland
 
The Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. DayThe Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
 
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
 
Big Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should KnowBig Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should Know
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
 
Setting up an IP Framework for an organization
Setting up an IP Framework for an organizationSetting up an IP Framework for an organization
Setting up an IP Framework for an organization
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
 
OpenLI
OpenLIOpenLI
OpenLI
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPR
 
How To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual PropertyHow To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual Property
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
Preparing Your Medical Device NewCo For IP Due Diligence
Preparing Your Medical Device NewCo For IP Due DiligencePreparing Your Medical Device NewCo For IP Due Diligence
Preparing Your Medical Device NewCo For IP Due Diligence
 
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ... eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
 

More from RIPE NCC

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryRIPE NCC
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionRIPE NCC
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in TechRIPE NCC
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfRIPE NCC
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISRIPE NCC
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopRIPE NCC
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfRIPE NCC
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfRIPE NCC
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsRIPE NCC
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing SecurityRIPE NCC
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfRIPE NCC
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasRIPE NCC
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasRIPE NCC
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet InfrastructureRIPE NCC
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenRIPE NCC
 

More from RIPE NCC (20)

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet Registry
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate Action
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in Tech
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement Tools
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the Baltics
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing Security
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE Atlas
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement Services
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in Sweden
 

Recently uploaded

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 

Recently uploaded (20)

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 

IPv4 Hijacking: Our Experience

  • 1. IPv4 Hijacking: Our Experience Mirjam Kühne, Ivo Dijkhuis TF-CSIRT 43 | Rome - Italy | 18 September 2014
  • 2. Overview • Introduction to the RIPE NCC • Our definition of hijacking • Common approaches we observe • Investigations and interventions • Common difficulties and typical responses • What you can do Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 2
  • 3. Introduction to the RIPE NCC • Not-for-profit, independent membership association • Neutral and impartial • Established in Amsterdam in 1992 • Provides open community platform • Over 10,000 members in 76 countries • Bottom-up industry self regulation Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 3
  • 4. RIPE NCC Activities • Distribute IP addresses and AS numbers • Support policy development in the RIPE NCC service region (Europe, Middle East, parts of central Asia) • Maintain RIPE registry (RIPE whois Database) • Resource certification (RPKI) • Training Courses • Tools and measurements - RIPE Atlas, RIPEstat Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 4
  • 5. Our Definition of Hijacking ! “Taking control of issued Internet number resources under false pretences” ! • IPv4 addresses get re-registered to hijackers or another (innocent) organisation • IPv4 addresses have economic value due to IPv4 scarcity Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 5
  • 6. Background Information • 12 September 2012: the RIPE NCC starts allocating from the last /8 • The RIPE NCC sees an increase in hijackings of apparently unused and/or abandoned addresses • Hijacks found so far • 227 cases investigated, 19 hijacks found, 6 ongoing • Often cases get resolved before they turn into hijack • Most hijacking cases involve organisations we don’t have a business relationship with (PI, legacy) Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 6
  • 7. When Do We Investigate? • A resource holder sends us a complaint or abuse report • An experienced staff member notices something out of the ordinary • Follow-up from existing investigations: one case often leads to another Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 7
  • 8. Common Approaches Hijackers Use • Research company histories and provide paper trails to demonstrate changes in business structure • Conduct BGP test announcements to check if addresses are unused • Re-register expired domain names to make email change requests look legitimate • Copy websites, with identical pages hosted on (almost) identical domain names Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 8
  • 9. Common Approaches Hijackers Use • Forged documentation • Faked IDs • Faked company registration papers • Forged signatures of real people on contracts • Forged stamps and signatures of notaries and resource holders Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 9
  • 10. How Do We Investigate? • We check changes in company structure • Public records • National chamber of commerce registries • We contact former and current resource holders (where possible) • Contact notaries found on documentation • Phone calls, emails and faxes • Using other contact information beyond what was provided Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 10
  • 11. What Do We Do? • Allowing time to support claim to the address space • Reverting all changes immediately • Resources are de-registered if no legitimate holder found • Where member involvement in the hijacking case can be proven • Closure of member account and de-registration of IP resources • Reporting to authorities where appropriate Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 11
  • 12. Common Difficulties • The resource holder expects immediate action while we need to investigate carefully • It can be difficult to find and contact the resource holder in question • No effective penalty and lots to gain for the hijacker: • They can open a new RIPE NCC member account • No high costs involved • No blacklists, no fine Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 12
  • 13. What You Can Do • Protect your resources against hijacking by making sure your RIPE Database objects and contact information are up to date • If acquiring resources, ensure you are in contact with the legitimate holder or representative • If you need help, or think your resources may have been hijacked, contact: reg-review@ripe.net ! ! https://www.ripe.net/lir-services/resource-management/address-hijacking-in-the-ripe-ncc-service-region ! Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 13
  • 14. Questions? Section Title Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 14