[JoshTriplett]

The bit I had hoped to see at the end of this article: "and here's how we stopped these bogus routes at their upstream links, to prevent this problem from recurring".

Disappointing to see so much analysis and no solution.

[davidu]

This has been a problem people thought had been happening for a while. It's only with this detailed analysis that the light is being cast on it.

Now we can work on solutions. And we will.

[byerley]

No,

This has been looked at pretty extensively before. Confusingly enough, a lot of the research was done by the creators of BGPmon (http://bgpmon.netsec.colostate.edu/ - same name, concept, and primary functionality with no connection between the two as far as I can tell).

The solution is easy enough, secured peering to prevent hijacking, and a centralized certification process to prevent rogue AS's. We've known this stuff for a good decade now, but the exploitation has never been serious enough to overcome push-backs on the costs (both in terms of hardware and reachability issues) from ISPs.

[wmf]

Because Pakistan BGP-hijacking YouTube wasn't enough of a reason?

[davidu]

That was a censorship attempt that was fat finger'd to cause a leak. We all knew what happened there.

[JoshTriplett]

That's still the kind of thing we wan to prevent. Seems like a good argument for adding some kind of range enforcement to BGP routers, similar to HTTPS certificate pinning.