AS hijacking (Philosophy, rants, GeoMind)
davis at udel.edu
Mon Jun 1 10:48:05 UTC 2020
As our canned Email stated, AS2 (and many low digit AS') get
often go on to hijack someone's prefix. AS2 (proper) is rarely changed and
the chances of an actual prefix hijack from it is extremely low.
So as I've asked our peers, I'll ask here: What is expected of us to be good
"Net Citizens" with these hijacks?
We don't have a FTE to assign to contact IX,ISP,etc. sites, often not in
to track down these weekly hijacks. The canned Email has resulted in
where the hijack is found to be a prepending syntax error, or a lab
through to production, but still a majority are supposed malicious and
Seeing AS paths of the prefix hijacks would be helpful, but we're not
aware of where
we can get to them and offer the Email response asking the victim to
On 5/30/20 2:09 PM, William Herrin wrote:
> On Fri, May 29, 2020 at 8:40 AM Justin Wilson (Lists) <lists at mtin.net> wrote:
>> Here is where the philosophy comes into play. The very terse e-mail we received back was basically “As2 gets hijacked a lot and it’s not our problem”. So my question for the NANOG folks. At what point do you say “it’s not your problem” when it involves your ASN?
> The point where someone who isn't you is both hijacking your ASN *and*
> someone else's prefix? Have you confirmed that the hijack actually
> came from UDel, that the AS path matches one that's legitimate for
> UDel? The guy hijacking your route doesn't have to list just one AS as
> the origin; he can' list an entire chain.
> Bill Herrin
IT - University of Delaware - 302.831.8756
Newark, DE 19716 Email davis at udel.edu
More information about the NANOG