[nanog] Advice in dealing with BGP prefix hijacking

mack mack at exchange.alphared.com
Mon Sep 29 16:27:01 CDT 2008

First I would contact them, you have obviously done this and it didn't work since it happened again.

Second I would contact their major transit providers, assuming they aren't a major transit provider themselves.
If you share mutual transit providers then you will be most likely to get satisfactory results.
If you aren't a customer of their transit provider then you may not get anywhere.

Third you can contact ARIN to talk to the perpetrator and/or their transit providers.
This is one of their primary functions.

The final option is legal.
IANAL (usual disclaimer)
CMU probably has a legal department that may be able to request an injunction or file suit for damages.
People tend to forget that when prefixes are hijacked there is legal recourse after the fact.
Of course with the international nature of the internet legal recourse may be difficult or impossible.
In this case with a US based ISP, the legal remedy might be feasible.
This is long slow and doesn't help at all during an incident,
but it will probably keep it from happening again.
ISPs are businesses and when it hits the pocket book they pay attention.

LR Mack McBride
Network Administrator
Alpha Red, Inc.

> Message: 2
> Date: Mon, 29 Sep 2008 11:10:48 -0400
> From: "L. Gabriel Somlo" <mikebenden at gmail.com>
> Subject: Advice in dealing with BGP prefix hijacking
> To: nanog at nanog.org
> Message-ID: <20080929151048.GA19783 at hedwig.net.cmu.edu>
> Content-Type: text/plain; charset=us-ascii
> Hi,
> I'm looking for advice on how to deal with a US ISP (names withheld to
> protect the guilty) which seems to repeatedly fat-finger our IP space
> into their BGP announcements, and then gives us the run-around when we
> call them on the phone, since we're not their clients...
> Happened twice already, took several hours to fix each time, and I'm
> looking for any ideas, opinions, and war stories that would help me
> figure out how to discourage them from repeating this type of thing
> in the future...
> Thaks much,
> Mike

More information about the NANOG mailing list