More Fraudulent Routing = More Need for MANRS Thumbnail
‹ Back
Building Trust 22 March 2016

More Fraudulent Routing = More Need for MANRS

Andrei Robachevsky
By Andrei RobachevskySenior Director, Technology Programmes

Last week Doug Madory from Dyn Research presented a new set of examples of fraudulent routing, this time coming out of the Ukraine. Most of them are cases of address squatting, when a network announces an arguably unused space to do bad things like spam or malware.

They often do this (a) to hide and redirect attribution for these bad things if they are discovered, and (b) to avoid being banned by various blacklists. Like parasites, they hijack someone else’s address space, exploit it for awhile, and then move on.

Doug has observed two concerning trends. First, criminals’ assumptions are not always correct about how “unused” the address space is. A seemingly unused space can be used once in awhile, like the APRICOT network that is only used about four weeks a year. But when this usage clashes with a hijacking the impact can be severe, leading to a massive denial of service on the network.

A second trend is that criminals are getting better at hiding. Not only announcing others’ space, but also forging the AS path – a BGP attribute showing networks that routing information passed through to get to a specified router. This forged path shows the correct origin for the announced address space, so it is hard to detect and hard to filter out.

The good news is that incidents like this can be spotted and prevented if more networks begin watching more carefully what their customers are announcing. And the more networks do that, the fewer opportunities there are for criminals to exploit the global routing system, undermining its stability and security.

The MANRS actions are aimed exactly at that. MANRS defines a new industry norm for routing security that will to a great extent prevent incidents like this and improve confidence in the routing system of the Internet.

Are you a network operator already implementing the MANRS actions? Sign up today to show your support for MANRS! Interested in learning more? Read the full MANRS document and its expected actions, or contact us with any questions.

[Editor’s Note: This post originally appeared on the MANRS Blog at]

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Building Trust 11 February 2020

Every Day Should Be Safer Internet Day

Safer Internet Day is an opportunity for people and organizations around the world to join forces in a series...

Building Trust 28 January 2020

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data,...

Join the conversation with Internet Society members around the world