AS hijacking (Philosophy, rants, GeoMind)

Dale W. Carder dwcarder at
Fri May 29 16:48:19 UTC 2020

Thus spake Justin Wilson (Lists) (lists at on Fri, May 29, 2020 at 11:39:46AM -0400:
> One of the companies I work for recently had an issue with AS 2 (University of Delaware) hijacking a prefix.  Due to Origin AS, good upstreams, and the like this has not really affected the traffic to the legit blocks.  However, GeoMind picked this up almost immediately it seems.  The IP blocks when you go to come back to the university of Delaware. This seems to be the only issue at the moment so we are working through contacting the peers of AS2 and asking them to look into this.  We had also contacted University of Delaware.
> Here is where the philosophy comes into play.  The very terse e-mail we received back was basically “As2 gets hijacked a lot and it’s not our problem”. 

Given the ASN, have you ruled out that this is hijacking vs a case of 
prepending gone wrong.  We see this happen quote a bit with ASN 16, 
and sometimes even with 50.  Typically, ASN's 43, 44, and 45 usually 
get spared from this class of misconfiguration.

> So my question for the NANOG folks.  At what point do you say “it’s not your problem” when it involves your ASN?

Interdomain routing continues to be a community effort, but this
certainly could be in the class of problems of which they had no 
hand in.


More information about the NANOG mailing list