BGP hujack by AS25478?

Hank_Nussbacher3 · November 9, 2021, 7:00am

Based on my own observation as well as via bgpstream there was a massive BGP hijack attempt last night by IHOME-AS iHome LLC, RU (AS 25478).

Lasted about 10 minutes. Noction? Finger faddle? Malicious?

Thanks,

Hank

Aftab_Siddiqui · November 9, 2021, 7:50am

Noction - could be but there were not many specifics in around 3200 routes they originated, there were few /12, /13, /14

mistake probably.

121.128.0.0/12 39120 65478 25478
121.128.0.0/12 61568 65478 25478

121.144.0.0/13 61568 65478 25478
141.48.0.0/13 61568 65478 25478
203.40.0.0/13 39120 65478 25478
203.40.0.0/13 61568 65478 25478

LouD · November 9, 2021, 10:23am

I Saw the same event reported on a few prefixes . I am wondering if the routes were withdrawn or mitigated by upstreams .

jneiberger · November 9, 2021, 4:01pm

Yep, we saw it with several prefixes, as well, but it was quite short-lived.

John