Prefix hijacking by Michael Lindsay via Internap

Jimmy Hess mysidia at
Sun Aug 21 09:05:47 CDT 2011

On Sun, Aug 21, 2011 at 3:27 AM, Erik Bais <ebais at> wrote:
> Convenient as it may be to use a LIR and their historic provided prefixes,
> have you thought about starting with a clean slate ?

It's probably better for the network community if he _doesn't_ let an apparently
known hijack  to continue;  maybe any address hijacker(s) involved will learn a
lesson and stop.  In the long run it's probably not the most
convenient action,
the hijack has probably 'tainted'  the reputation of the addresses, as in
Spamhaus listing[?]

The most responsible action would be to try to put a stop to any
hijack/unofficial use of the
existing prefix, and  after the new network requirements are determined, return
any portion  of the assigned addresses that is no longer immediately justified
under the current network design.

If info is correctly fixed in WHOIS, then send each of the AS/upstream
AS contacts
from the announcement a letter from the  administrative / tech contact
to request
that they stop propagating  such and such errant announcement from the prefix,
as long as rogue announcements continue....

If it continues to be a problem,  find the upstreams'  upstreams,
until you are sending letters to Tier1 operators.



More information about the NANOG mailing list