Based on my own observation as well as via bgpstream there was a massive BGP hijack attempt last night by IHOME-AS iHome LLC, RU (AS 25478). Lasted about 10 minutes. Noction? Finger faddle? Malicious? Thanks, Hank
Noction - could be but there were not many specifics in around 3200 routes they originated, there were few /12, /13, /14 mistake probably. 121.128.0.0/12 39120 65478 25478 121.128.0.0/12 61568 65478 25478 121.144.0.0/13 61568 65478 25478 141.48.0.0/13 61568 65478 25478 203.40.0.0/13 39120 65478 25478 203.40.0.0/13 61568 65478 25478 Regards, Aftab A. Siddiqui On Tue, 9 Nov 2021 at 18:03, Hank Nussbacher <hank@interall.co.il> wrote:
Based on my own observation as well as via bgpstream there was a massive BGP hijack attempt last night by IHOME-AS iHome LLC, RU (AS 25478).
Lasted about 10 minutes. Noction? Finger faddle? Malicious?
Thanks,
Hank
I Saw the same event reported on a few prefixes . I am wondering if the routes were withdrawn or mitigated by upstreams . On Tue, Nov 9, 2021 at 2:03 AM Hank Nussbacher <hank@interall.co.il> wrote:
Based on my own observation as well as via bgpstream there was a massive BGP hijack attempt last night by IHOME-AS iHome LLC, RU (AS 25478).
Lasted about 10 minutes. Noction? Finger faddle? Malicious?
Thanks,
Hank
Yep, we saw it with several prefixes, as well, but it was quite short-lived. John On Tue, Nov 9, 2021 at 12:01 AM Hank Nussbacher <hank@interall.co.il> wrote:
Based on my own observation as well as via bgpstream there was a massive BGP hijack attempt last night by IHOME-AS iHome LLC, RU (AS 25478).
Lasted about 10 minutes. Noction? Finger faddle? Malicious?
Thanks,
Hank
participants (4)
-
Aftab Siddiqui -
Hank Nussbacher -
John Neiberger -
Lou D