Thanks Bill, As our canned Email stated, AS2 (and many low digit AS') get hijacked and often go on to hijack someone's prefix. AS2 (proper) is rarely changed and the chances of an actual prefix hijack from it is extremely low. So as I've asked our peers, I'll ask here: What is expected of us to be good "Net Citizens" with these hijacks? We don't have a FTE to assign to contact IX,ISP,etc. sites, often not in this country, to track down these weekly hijacks. The canned Email has resulted in some feedback where the hijack is found to be a prepending syntax error, or a lab config slipping through to production, but still a majority are supposed malicious and we never hear back. Seeing AS paths of the prefix hijacks would be helpful, but we're not aware of where we can get to them and offer the Email response asking the victim to inquire locally. thanks On 5/30/20 2:09 PM, William Herrin wrote:
Here is where the philosophy comes into play. The very terse e-mail we received back was basically “As2 gets hijacked a lot and it’s not our problem”. So my question for the NANOG folks. At what point do you say “it’s not your problem” when it involves your ASN? The point where someone who isn't you is both hijacking your ASN *and* someone else's prefix? Have you confirmed that the hijack actually came from UDel, that the AS path matches one that's legitimate for UDel? The guy hijacking your route doesn't have to list just one AS as
On Fri, May 29, 2020 at 8:40 AM Justin Wilson (Lists) <lists@mtin.net> wrote: the origin; he can' list an entire chain.
Regards, Bill Herrin
-- Mike Davis IT - University of Delaware - 302.831.8756 Newark, DE 19716 Email davis@udel.edu