Potential Prefix Hijack

Mohit Lad mohitlad at gmail.com
Wed Nov 12 17:37:29 UTC 2008

The local scope of the event is also the reason that PHAS did not catch the
hijack. Nevertheless, its good to have different services for hijack
detection running independently, especially if they are getting different
feeds. Even a hijack that is local in scope is worth alerting about; if not
anything, at least to ensure it stays local :)


On Nov 12, 2008, at 4:52 AM, Eduardo Ascenço Reis wrote:

Dear Fellows,

I would like to add some information to this thread from AS27664

Both AS27664 (CTBC Multimídia) and AS22548 (Nic.br) share two common points:
1. They are IP transit customers from AS16735 (CTBC Telecom).
2. They feed with full BGP routing table the RIS/RIPE project located
at PTTMetro-SP, Brazil (rrc15).

I checked all BGP updates of 2008111[01] from Route Views Archive
Project [1] and looked for prefixes originated by AS16735. I compared
those with the prefixes officially allocated by Registro.br to AS16735
[2] and did not find any case o prefixes from different AS. This
analyses confirms that yesterday AS16735 issue of IP prefixes
Hijacking was not globally propagated.

It seems that only some AS16735's Internet customers (like AS27664 and
AS22548) were affect by this problem.



Eduardo Ascenço Reis

[1] http://archive.routeviews.org/
[2] https://registro.br/cgi-bin/whois/

More information about the NANOG mailing list