Hijacking

AS Number hijacking due to misconfiguration

This Sunday I was looking at global routing table dump and found AS1 announcing some very weird prefixes.

AS1 i.e Autonomous System Number 1 belongs to Level3 but as far as I know they are not actively using it. They use AS3356 globally (along with Global Crossing’s AS3549). I noticed quite a few prefixes of a Brazil based telecom provider - Netvip Telecomunicaes being announced by AS1. 

Some of entries in global routing table belonging to AS1 (as picked from BGP table dump of route-views archive):

Network hijacking: Wrong BGP announcements screwing up traffic

Yesterday I came across a very interesting case of network hijacking of an ISP from wrong BGP announcements by another network. This issue was reported to NANOG mailing list. 

Issue was reported by Kevin, Senior Engineer at Altus Communications (AS11325). Problem was that SBJ Media LLC (AS33611) was making a /24 block announcement for specific slices of Altus -  208.110.48.0/2063.246.112.0/20, and 68.66.112.0/20 which are allocated to Altus Communications (as per ARIN whois).