BGP hijack?

Mon Oct 23 10:41:50 UTC 2023

Hello everyone,
I'm working for MilkyWan / AS2027 and I wanted to give you some 
explanations regarding this incident. Last week-end, during an upgrade 
on our network configuration, it appears that some prefixes were 
announced with an incorrect AS Path. Based on our analysis, none of 
these routes seem to have been announced anywhere, but to some 
route-collectors (RIPE RIS, BGP.Tools, Qrator, HE.net, NLNOG RING), and 
therefore didn't effectively end up in the DFZ.
The issue was discovered quickly (in a few minutes) and corrected right 
away.
The incident is now closed on our side; please reach out to us should 
you see anything proving otherwise.

We deeply apologize for that and we can confirm it was not a BGP hijack 
attempt.

Wishing you a very pleasant day.

Vincent F. for Milkywan Team

Le 2023-10-22 19:02, Olivier Benghozi a écrit :
> Same stuff (with our ASN and our prefixes) detected here, coming from
> AS2027 (Milkywan), for a short time...
> 
> Le dim. 22 oct. 2023 à 17:18, Hank Nussbacher <hank at efes.iucc.ac.il>
> a écrit :
> 
>> We just had every single prefix in AS378 start being announced by
>> AS2027.
>> 
>> Every announcement by AS2027 is failing RPKI yet being propagated a
>> bit.
>> Is this yet another misbehaving device or an actual attack?
> 
> _Ce message et toutes les pièces jointes (ci-après le "message")
> sont établis à l’intention exclusive des destinataires désignés.
> Il contient des informations confidentielles et pouvant être
> protégé par le secret professionnel. Si vous recevez ce message par
> erreur, merci d'en avertir immédiatement l'expéditeur et de
> détruire le message. Toute utilisation de ce message non conforme à
> sa destination, toute diffusion ou toute publication, totale ou
> partielle, est interdite, sauf autorisation expresse de l'émetteur_