I'm soliciting any background information, anecdotes, shared
experiences, previous evidence, etc. of bad behavior and/or IP route
hijacking for this 'hijack factory', as I've heard it called privately.
They are actively -- and illegitimately -- announcing prefixes which
are (legitimately) allocated to other organizations, a couple of them
are very large & well-known U.S. healthcare providers.
I'd also be interesting in hearing suggestion on the course of action
one of these organizations might take to make this stop....
Thanks in advance,
- - ferg
Seattle, WA USA
Have no history/background that I can share.
In terms of actions, this seems obvious, but…
Look at the AS Paths fo the hijacked prefixes announced from 57129 and start with the
second to last AS and work backwards asking that at least those prefixes from 57129 be
Most legitimate providers faced with appropriate documentation of prefix registration in the
relevant RIR will do the following:
1. Contact their customer/peer and ask them to stop announcing.
2. Install the necessary filters.
3. If 1 is not successful in a reasonable amount of time, potentially escalate to