Telstra Hijack

I’m surprised no one else has mentioned this yet, but Telstra is hijacking a lot of prefixes:

Since we don’t have RPKI filtering in our network (yet), we are currently filtering everything with the path “.* 4637 1221$”.

This is of course taking a while…

My employer's prefixes were affected, I posted about it on the AusNOG list so I could get some assistance. It has cleared up now but it took about two hours or so.

I saw AS paths like this from HE's looking glass:
6461x4, 4637x11, 1221

I would love to know what the root cause of the leak was.

I’m still seeing bad prefixes from Cogent, but our other upstreams (NTT, GTT, Telia) blocked them.

Bad prefixes are all gone. This looks resolved from my point of view.

Hi Ross,

Just to confirm the AS1221 incident (INC000094009293) was resolved approx. 20:32 29/09/20 (UTC).

If anyone has further issues feel free to email me off-thread.


Senior Network Engineer

Cross-post from Russ on AusNOG list.

Telstra blog post on issue is now live -