Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s)

Jakob Heitz (jheitz) jheitz at
Tue May 24 19:45:19 UTC 2022

This attack will work very well until the victim starts advertising
its prefix. The victim may not notice the fake advertisement because the fake
advertisement will not reach the victim AS due to AS-path loop checking.

So potential victims must advertise all prefixes that they register in
RPKI or subscribe to an Internet monitoring service to detect the
fake advertisements.

And don't forget maxlen. You must advertise in BGP every prefix
covered by maxlen.


-----Original Message-----
From: Saku Ytti <saku at>

On Tue, 24 May 2022 at 11:23, Max Tulyev <maxtul at> wrote:

> To make a working hijack of the routed prefix (for sniffing traffic,
> DDoS or something similar), you have to announce a more specific
> prefix(es). It can be denied by RPKI.
> If you signed RPKI prefix is still unannounced - yes, somebody can
> hijack it by forging the origin ASN - that's quite easy.

This axiomatically assumes first come, first serve, which is obviously
not complete understanding of BGP best path algorithm.


More information about the NANOG mailing list