SlideShare a Scribd company logo

IPv4 Hijacking: Our Experience

RIPE NCC
RIPE NCC

Presentation given by Ivo Dijkhuis and Mirjam Kuehne at TERENA TF-CSIRT 43 Meeting, Rome, Italy on 18 September 2014

Technology
1 of 14
Download to read offline
IPv4 Hijacking: Our Experience Mirjam Kühne, Ivo Dijkhuis TF-CSIRT 43 | Rome - Italy | 18 September 2014
Overview • Introduction to the RIPE NCC • Our definition of hijacking • Common approaches we observe • Investigations and interventions • Common difficulties and typical responses • What you can do Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 2
Introduction to the RIPE NCC • Not-for-profit, independent membership association • Neutral and impartial • Established in Amsterdam in 1992 • Provides open community platform • Over 10,000 members in 76 countries • Bottom-up industry self regulation Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 3
RIPE NCC Activities • Distribute IP addresses and AS numbers • Support policy development in the RIPE NCC service region (Europe, Middle East, parts of central Asia) • Maintain RIPE registry (RIPE whois Database) • Resource certification (RPKI) • Training Courses • Tools and measurements - RIPE Atlas, RIPEstat Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 4
Our Definition of Hijacking ! “Taking control of issued Internet number resources under false pretences” ! • IPv4 addresses get re-registered to hijackers or another (innocent) organisation • IPv4 addresses have economic value due to IPv4 scarcity Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 5
Background Information • 12 September 2012: the RIPE NCC starts allocating from the last /8 • The RIPE NCC sees an increase in hijackings of apparently unused and/or abandoned addresses • Hijacks found so far • 227 cases investigated, 19 hijacks found, 6 ongoing • Often cases get resolved before they turn into hijack • Most hijacking cases involve organisations we don’t have a business relationship with (PI, legacy) Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 6
When Do We Investigate? • A resource holder sends us a complaint or abuse report • An experienced staff member notices something out of the ordinary • Follow-up from existing investigations: one case often leads to another Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 7
Common Approaches Hijackers Use • Research company histories and provide paper trails to demonstrate changes in business structure • Conduct BGP test announcements to check if addresses are unused • Re-register expired domain names to make email change requests look legitimate • Copy websites, with identical pages hosted on (almost) identical domain names Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 8
Common Approaches Hijackers Use • Forged documentation • Faked IDs • Faked company registration papers • Forged signatures of real people on contracts • Forged stamps and signatures of notaries and resource holders Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 9
How Do We Investigate? • We check changes in company structure • Public records • National chamber of commerce registries • We contact former and current resource holders (where possible) • Contact notaries found on documentation • Phone calls, emails and faxes • Using other contact information beyond what was provided Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 10
What Do We Do? • Allowing time to support claim to the address space • Reverting all changes immediately • Resources are de-registered if no legitimate holder found • Where member involvement in the hijacking case can be proven • Closure of member account and de-registration of IP resources • Reporting to authorities where appropriate Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 11
Common Difficulties • The resource holder expects immediate action while we need to investigate carefully • It can be difficult to find and contact the resource holder in question • No effective penalty and lots to gain for the hijacker: • They can open a new RIPE NCC member account • No high costs involved • No blacklists, no fine Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 12
What You Can Do • Protect your resources against hijacking by making sure your RIPE Database objects and contact information are up to date • If acquiring resources, ensure you are in contact with the legitimate holder or representative • If you need help, or think your resources may have been hijacked, contact: reg-review@ripe.net ! ! https://www.ripe.net/lir-services/resource-management/address-hijacking-in-the-ripe-ncc-service-region ! Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 13
Questions? Section Title Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 14

Recommended

Haagse Hogeschool 2012-09-13
Haagse Hogeschool 2012-09-13Haagse Hogeschool 2012-09-13
Haagse Hogeschool 2012-09-13
maartenmarx
 
RIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC
 
140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikov140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikov
RIPE NCC
 
Policy Making: A Powerful Tool
Policy Making: A Powerful ToolPolicy Making: A Powerful Tool
Policy Making: A Powerful Tool
RIPE NCC
 
RPKI Certification Tutorial
RPKI Certification TutorialRPKI Certification Tutorial
RPKI Certification Tutorial
RIPE NCC
 
"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6
RIPE NCC
 
Are Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasAre Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
RIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
RIPE NCC
 

Recommended

Haagse Hogeschool 2012-09-13
Haagse Hogeschool 2012-09-13Haagse Hogeschool 2012-09-13
Haagse Hogeschool 2012-09-13
maartenmarx
 
RIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC
 
140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikov140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikov
RIPE NCC
 
Policy Making: A Powerful Tool
Policy Making: A Powerful ToolPolicy Making: A Powerful Tool
Policy Making: A Powerful Tool
RIPE NCC
 
RPKI Certification Tutorial
RPKI Certification TutorialRPKI Certification Tutorial
RPKI Certification Tutorial
RIPE NCC
 
"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6
RIPE NCC
 
Are Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasAre Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
RIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
RIPE NCC
 
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Knobbe Martens - Intellectual Property Law
 
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG: connecting the knowledge community
 
IP Address Certification (RPKI)
IP Address Certification (RPKI)IP Address Certification (RPKI)
IP Address Certification (RPKI)
RIPE NCC
 
Electronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic ExaminersElectronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic Examiners
BoyarMiller
 
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Knobbe Martens - Intellectual Property Law
 
Daniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdfDaniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdf
Alejandro Daricz
 
Surviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandSurviving an ODPC Audit - Ireland
Surviving an ODPC Audit - Ireland
Thorntongroup
 
The Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. DayThe Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
Rob Robinson
 
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Quarles & Brady
 
Big Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should KnowBig Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should Know
Data Con LA
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
Onkar1431
 
Setting up an IP Framework for an organization
Setting up an IP Framework for an organizationSetting up an IP Framework for an organization
Setting up an IP Framework for an organization
Raghuveer Subodha
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
primeteacher32
 
OpenLI
OpenLIOpenLI
OpenLI
APNIC
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPR
MyComplianceOffice
 
How To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual PropertyHow To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual Property
SecureDocs
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
ssuser32ab97
 
Preparing Your Medical Device NewCo For IP Due Diligence
Preparing Your Medical Device NewCo For IP Due DiligencePreparing Your Medical Device NewCo For IP Due Diligence
Preparing Your Medical Device NewCo For IP Due Diligence
Knobbe Martens - Intellectual Property Law
 
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ... eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
Aurélie Pols
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
Asad Zaman
 
Know Your Network; why every network operator should host a RIPE Atlas probe
Know Your Network; why every network operator should host a RIPE Atlas probeKnow Your Network; why every network operator should host a RIPE Atlas probe
Know Your Network; why every network operator should host a RIPE Atlas probe
RIPE NCC
 
Taiwan's Digital Landscape with RIPE NCC Tools
Taiwan's Digital Landscape with RIPE NCC ToolsTaiwan's Digital Landscape with RIPE NCC Tools
Taiwan's Digital Landscape with RIPE NCC Tools
RIPE NCC
 

More Related Content

Similar to IPv4 Hijacking: Our Experience

Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Knobbe Martens - Intellectual Property Law
 
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG: connecting the knowledge community
 
IP Address Certification (RPKI)
IP Address Certification (RPKI)IP Address Certification (RPKI)
IP Address Certification (RPKI)
RIPE NCC
 
Electronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic ExaminersElectronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic Examiners
BoyarMiller
 
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Knobbe Martens - Intellectual Property Law
 
Daniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdfDaniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdf
Alejandro Daricz
 
Surviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandSurviving an ODPC Audit - Ireland
Surviving an ODPC Audit - Ireland
Thorntongroup
 
The Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. DayThe Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
Rob Robinson
 
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Quarles & Brady
 
Big Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should KnowBig Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should Know
Data Con LA
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
Onkar1431
 
Setting up an IP Framework for an organization
Setting up an IP Framework for an organizationSetting up an IP Framework for an organization
Setting up an IP Framework for an organization
Raghuveer Subodha
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
primeteacher32
 
OpenLI
OpenLIOpenLI
OpenLI
APNIC
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPR
MyComplianceOffice
 
How To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual PropertyHow To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual Property
SecureDocs
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
ssuser32ab97
 
Preparing Your Medical Device NewCo For IP Due Diligence
Preparing Your Medical Device NewCo For IP Due DiligencePreparing Your Medical Device NewCo For IP Due Diligence
Preparing Your Medical Device NewCo For IP Due Diligence
Knobbe Martens - Intellectual Property Law
 
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ... eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
Aurélie Pols
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
Asad Zaman
 

Similar to IPv4 Hijacking: Our Experience (20)

Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
 
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
UKSG Conference 2016 Breakout Session - Who’s reading your valuable content a...
 
IP Address Certification (RPKI)
IP Address Certification (RPKI)IP Address Certification (RPKI)
IP Address Certification (RPKI)
 
Electronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic ExaminersElectronic Forensic Protocols and Working with Computer Forensic Examiners
Electronic Forensic Protocols and Working with Computer Forensic Examiners
 
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
Protecting Your Intellectual Property: Cost-Saving Techniques, Legal Updates ...
 
Daniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdfDaniel_CISSP_Dom7__1_.pdf
Daniel_CISSP_Dom7__1_.pdf
 
Surviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandSurviving an ODPC Audit - Ireland
Surviving an ODPC Audit - Ireland
 
The Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. DayThe Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
The Litigation Hold – Systems, Processes and Challenges | Daniel S. Day
 
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
Protecting Your Intellectual Property: How to Patent Your Copyright with a Tr...
 
Big Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should KnowBig Data And The Law: What Every Data Enthusiast Should Know
Big Data And The Law: What Every Data Enthusiast Should Know
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
 
Setting up an IP Framework for an organization
Setting up an IP Framework for an organizationSetting up an IP Framework for an organization
Setting up an IP Framework for an organization
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
 
OpenLI
OpenLIOpenLI
OpenLI
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPR
 
How To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual PropertyHow To Protect Your Company's Intellectual Property
How To Protect Your Company's Intellectual Property
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
Preparing Your Medical Device NewCo For IP Due Diligence
Preparing Your Medical Device NewCo For IP Due DiligencePreparing Your Medical Device NewCo For IP Due Diligence
Preparing Your Medical Device NewCo For IP Due Diligence
 
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ... eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
eMetrics Summit Boston 2014 - Big Data Marketing - From Über Creepy to Over ...
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
 

More from RIPE NCC

Know Your Network; why every network operator should host a RIPE Atlas probe
Know Your Network; why every network operator should host a RIPE Atlas probeKnow Your Network; why every network operator should host a RIPE Atlas probe
Know Your Network; why every network operator should host a RIPE Atlas probe
RIPE NCC
 
Taiwan's Digital Landscape with RIPE NCC Tools
Taiwan's Digital Landscape with RIPE NCC ToolsTaiwan's Digital Landscape with RIPE NCC Tools
Taiwan's Digital Landscape with RIPE NCC Tools
RIPE NCC
 
Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet Registry
RIPE NCC
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate Action
RIPE NCC
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in Tech
RIPE NCC
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
RIPE NCC
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
RIPE NCC
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
RIPE NCC
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
RIPE NCC
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
RIPE NCC
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement Tools
RIPE NCC
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the Baltics
RIPE NCC
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing Security
RIPE NCC
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
RIPE NCC
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
RIPE NCC
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE Atlas
RIPE NCC
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement Services
RIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
RIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
RIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
RIPE NCC
 

More from RIPE NCC (20)

Know Your Network; why every network operator should host a RIPE Atlas probe
Know Your Network; why every network operator should host a RIPE Atlas probeKnow Your Network; why every network operator should host a RIPE Atlas probe
Know Your Network; why every network operator should host a RIPE Atlas probe
 
Taiwan's Digital Landscape with RIPE NCC Tools
Taiwan's Digital Landscape with RIPE NCC ToolsTaiwan's Digital Landscape with RIPE NCC Tools
Taiwan's Digital Landscape with RIPE NCC Tools
 
Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet Registry
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate Action
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in Tech
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement Tools
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the Baltics
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing Security
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE Atlas
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement Services
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 

Recently uploaded

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
TIPNGVN2
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Zilliz
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Pixlogix Infotech
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 

Recently uploaded (20)

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 

IPv4 Hijacking: Our Experience

  • 1. IPv4 Hijacking: Our Experience Mirjam Kühne, Ivo Dijkhuis TF-CSIRT 43 | Rome - Italy | 18 September 2014
  • 2. Overview • Introduction to the RIPE NCC • Our definition of hijacking • Common approaches we observe • Investigations and interventions • Common difficulties and typical responses • What you can do Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 2
  • 3. Introduction to the RIPE NCC • Not-for-profit, independent membership association • Neutral and impartial • Established in Amsterdam in 1992 • Provides open community platform • Over 10,000 members in 76 countries • Bottom-up industry self regulation Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 3
  • 4. RIPE NCC Activities • Distribute IP addresses and AS numbers • Support policy development in the RIPE NCC service region (Europe, Middle East, parts of central Asia) • Maintain RIPE registry (RIPE whois Database) • Resource certification (RPKI) • Training Courses • Tools and measurements - RIPE Atlas, RIPEstat Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 4
  • 5. Our Definition of Hijacking ! “Taking control of issued Internet number resources under false pretences” ! • IPv4 addresses get re-registered to hijackers or another (innocent) organisation • IPv4 addresses have economic value due to IPv4 scarcity Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 5
  • 6. Background Information • 12 September 2012: the RIPE NCC starts allocating from the last /8 • The RIPE NCC sees an increase in hijackings of apparently unused and/or abandoned addresses • Hijacks found so far • 227 cases investigated, 19 hijacks found, 6 ongoing • Often cases get resolved before they turn into hijack • Most hijacking cases involve organisations we don’t have a business relationship with (PI, legacy) Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 6
  • 7. When Do We Investigate? • A resource holder sends us a complaint or abuse report • An experienced staff member notices something out of the ordinary • Follow-up from existing investigations: one case often leads to another Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 7
  • 8. Common Approaches Hijackers Use • Research company histories and provide paper trails to demonstrate changes in business structure • Conduct BGP test announcements to check if addresses are unused • Re-register expired domain names to make email change requests look legitimate • Copy websites, with identical pages hosted on (almost) identical domain names Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 8
  • 9. Common Approaches Hijackers Use • Forged documentation • Faked IDs • Faked company registration papers • Forged signatures of real people on contracts • Forged stamps and signatures of notaries and resource holders Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 9
  • 10. How Do We Investigate? • We check changes in company structure • Public records • National chamber of commerce registries • We contact former and current resource holders (where possible) • Contact notaries found on documentation • Phone calls, emails and faxes • Using other contact information beyond what was provided Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 10
  • 11. What Do We Do? • Allowing time to support claim to the address space • Reverting all changes immediately • Resources are de-registered if no legitimate holder found • Where member involvement in the hijacking case can be proven • Closure of member account and de-registration of IP resources • Reporting to authorities where appropriate Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 11
  • 12. Common Difficulties • The resource holder expects immediate action while we need to investigate carefully • It can be difficult to find and contact the resource holder in question • No effective penalty and lots to gain for the hijacker: • They can open a new RIPE NCC member account • No high costs involved • No blacklists, no fine Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 12
  • 13. What You Can Do • Protect your resources against hijacking by making sure your RIPE Database objects and contact information are up to date • If acquiring resources, ensure you are in contact with the legitimate holder or representative • If you need help, or think your resources may have been hijacked, contact: reg-review@ripe.net ! ! https://www.ripe.net/lir-services/resource-management/address-hijacking-in-the-ripe-ncc-service-region ! Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 13
  • 14. Questions? Section Title Kühne & Dijkhuis - TF-CSIRT 43 - 18/9/2014 14