Sorry for sending this "huge" mail :-) At this moment we have a very simple multihomed ASN with a /20 prefix (x.y.0.0/20) like many other companys in the world. Some days ago, a BGP issue was announced about "IP hijacking". OK, we understand that this is some "new" because the traffic is also sent back to the "real owner" of the block. What kind of security can we have (and all internet providers) about that there is nobody announcing a subset of their prefix or a subset of their customer prefixes (i.e. x.y.0.0/24) disturbing the "normal" traffic flow? Of course, we know about prefix monitoring tools (from RIPE and others) but... it is the best solution? Or simply anyone can announce the /24 prefix that he want "capturing" that /24 prefix (of course if the "normal" prefix is smaller than that (i.e. /16))? In other words... can anybody "capture" the /24 prefix that he want? For example, what hapens if somebody announces a /24 from company "A" meanwhile the "normal" valid prefix of company "A"is a /16 and directs it to null0? That /24 is "shutted down". That is not the "new IP hijacking" issue because the traffic is not sent back to company "A". The question is very simply, It is very very difficult for me to believe that anybody can "shutdown" the /24 network that he wants in the world. I am right? Or may be that simply internet works like this and the providers are very careful about what accepts from their customers and what announces to other providers? I don't know the details of how internet providers work, but I know that when we made our multihoming for our ASN both providers did not setup the BGP session until we have created the "route object" in RIPE that makes a relationship between our ASN and our prefix. Also both providers have made filters in order to accept only our prefix in our BGP session. In other words... There is anybody in internet that can be sure that their traffic (traffic destined to their prefix) is not going to be "stoled"? If yes... how? Keep in mind that announcing the same prefixes than the attacker will not solve totally the problem because it is only a partial solution. If announcing a more specific /24 network is so easy... why does this not happen every day (for example for shutting down competitors sites)? Best regards