Recently, there was an attack on Klayswap [1] believed to be due to BGP hijacking [2]. From the public data on routeviews, we can see that there were announcements for the hijacked IP ranges, for example: U|A|1643854199.000000|routeviews|route-views.wide|||2497|202.249.2.169|211.249.221.0/24|202.249.2.169|2497 6461 9457|9457||| The weird part is that the path from AS6461 to AS9457 does not show up in any other routes. As far as I can tell from public information, there is no transit nor peering relationship between AS6461 and AS9457. As such, it seems likely a peer or customer of AS6461 was impersonating AS9457. I sent an email to Zayo's abuse email asking if they could provide any additional information but did not receive a response. If anyone has additional information, please reach out. Especially information about where the announcement may have originated. -- Andrew Wesie Theori, Inc. [1] https://medium.com/klayswap/klayswap-compensation-plan-99ec4db6742f [2] https://economist.co.kr/2022/02/07/column/expertColumn/20220207070013230.htm...