resolving prefix hijacks (was Re: Prefix hijacking by Michael Lindsay via Internap)

Jon Lewis jlewis at
Sun Aug 21 14:22:03 CDT 2011

On Sun, 21 Aug 2011, Ken Chase wrote:

> That said, what is the de jure responce when a prefix is hijacked? Does
> anyone have a 'best practices' guide? I am sure some of the most effective
> vs legal practices are not in fact concomittant.

It doesn't hurt to complain/announce about it here and various other NOGs. 
Spamhaus, SORBS, and possibly other DNSBLs might, if they buy the case, 
decide to list the space until the dispute is resolved, especially if its 
being used for spamming operations.

But resolution is going to have to come from communications between the 
"owner", the relevant RIR, and the transit provider(s) (or possibly their 
transit providers) providing service to the hijacker.

The RIRs can't stop anyone from announcing routes...but I suspect any 
legitimate NSP when approached by ARIN, RIPE, APNIC, etc. and told that 
routes they're propagating for a customer are hijacked, will accede to the 
opionion of the RIR.

  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ for PGP public key_________

More information about the NANOG mailing list