Recently, there was an attack on Klayswap [1] believed to be due to
BGP hijacking [2]. From the public data on routeviews, we can see that
there were announcements for the hijacked IP ranges, for example:
U>A>1643854199.000000|routeviews|route-views.wide|||2497|202.249.2.169|211.249.221.0/24|202.249.2.169|2497
6461 9457|9457|||
The weird part is that the path from AS6461 to AS9457 does not show up
in any other routes. As far as I can tell from public information,
there is no transit nor peering relationship between AS6461 and
AS9457. As such, it seems likely a peer or customer of AS6461 was
impersonating AS9457.
I sent an email to Zayo's abuse email asking if they could provide any
additional information but did not receive a response. If anyone has
additional information, please reach out. Especially information about
where the announcement may have originated.