Prefix Hijacking

http://www.cs.uoregon.edu/activities/poster_contest/2005/boothe-hijacking.pdf

Prefix hijacking is a type of network attack that can give malicious parties access to untraceable IP addresses. On the internet, the networks under the control of a single entity constitute an Autonomous System (AS), each of which has a unique numerical ID assigned to it by its Regional Internet Registry. Each AS has one or more routers on the edge of its network which route traffic to all of its peer ASs. ASs then communicate routing information and establish peering relationships using the Border Gateway Protocol (BGP). This is all done in an effort to allow each AS to make announcements about the IP address space it controls.

IP space is allocated and announced in blocks, so if an AS controls all IP addresses between 3.0.0.0 and 3.255.255.255, it can announce the block 3.0.0.0/8. The address before the slash is the network prefix, and the number after the slash is the prefix length: how many leading bits of an address must match the prefix for the address to fall inside the block. Lower numbers indicate larger blocks – 3.0.0.0/8 contains 16 million IP addresses, while 3.1.2.0/24 contains only 256.

ASs that exchange BGP information directly – “Peering ASs” – are assumed to be friendly with each other, so BGP implements no security against receiving bad or invalid routing info from other routers.

Prefix hijacking occurs when a malicious or misconfigured AS announces to its peers that a block of IP address space belongs to it when, in fact, it does not. After a short delay, routes based on this bad announcement propagate through the internet at large, and the malicious AS may be able to send and receive traffic using addresses it does not own. This hijacked space can be – and has been – used to send unsolicited mass e-mails, download copyrighted works, launch break-in attempts, or anything else generally considered to be illegitimate network use.

Should anybody ever see this traffic, blame will generally fall on the owner of the IP space, rather than the hijacker. Indeed, network operators have received cease-and-desist letters for activity relating to IP addresses in their own blocks that have never actually been assigned to a computer.

To sum up: BGP has no authentication, so if you insist that you own an IP address range that you don't, that's game over. That's the gist of it. The fix? Authentication.
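As an added example (not from the original post or the linked poster), the check below shows what "authentication" of an announcement can look like on the receiving side: each BGP announcement's origin AS is compared against a table of which AS is authorized to announce which block, loosely modelled on RPKI origin validation. The authorization table, the AS numbers and the announcements are all constructed for the example; the hijack case mirrors the page's scenario of a foreign AS announcing a more specific block inside 3.0.0.0/8.

```python
import ipaddress
from typing import List, NamedTuple

class Announcement(NamedTuple):
    prefix: str     # CIDR block as announced, e.g. "3.0.0.0/8"
    origin_as: int  # AS number claiming to originate the prefix

# Constructed authorization table (hypothetical, not real registry data):
# (authorized block, longest prefix length the owner may announce, owner AS).
# The first entry mirrors the page's example of one AS owning 3.0.0.0/8;
# the AS numbers are placeholders from the private-use range.
AUTHORIZED = [
    (ipaddress.ip_network("3.0.0.0/8"), 24, 64500),
    (ipaddress.ip_network("198.51.100.0/24"), 24, 64501),
]

def block_size(prefix: str) -> int:
    """Addresses in a CIDR block: 3.0.0.0/8 -> 16777216, 3.1.2.0/24 -> 256."""
    return ipaddress.ip_network(prefix).num_addresses

def validate(ann: Announcement) -> str:
    """'valid', 'invalid' (covered, but wrong origin or too specific) or 'unknown'."""
    net = ipaddress.ip_network(ann.prefix)
    covering = [rec for rec in AUTHORIZED if net.subnet_of(rec[0])]
    if not covering:
        return "unknown"  # no record at all: cannot judge this block
    for auth_net, max_len, owner_as in covering:
        if ann.origin_as == owner_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid"

def find_hijacks(announcements: List[Announcement]) -> List[Announcement]:
    """Return the announcements a router should refuse to accept."""
    return [a for a in announcements if validate(a) == "invalid"]

# Constructed BGP announcements: two legitimate ones, one hijack of a more
# specific block inside 3.0.0.0/8 by a different AS, and one with no record.
SAMPLE = [
    Announcement("3.0.0.0/8", 64500),
    Announcement("198.51.100.0/24", 64501),
    Announcement("3.1.2.0/24", 64666),
    Announcement("203.0.113.0/24", 64502),
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(f"{a.prefix:18} AS{a.origin_as}  {validate(a)}")
```

The "unknown" result is the practical weak spot: a block with no authorization record cannot be rejected, which is why coverage of the registry matters as much as the check itself.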
