Thanks Bill,
As our canned Email stated, AS2 (and many low digit AS') get
hijacked and
often go on to hijack someone's prefix. AS2 (proper) is rarely changed and
the chances of an actual prefix hijack from it is extremely low.
So as I've asked our peers, I'll ask here: What is expected of us to be good
"Net Citizens" with these hijacks?
We don't have a FTE to assign to contact IX,ISP,etc. sites, often not in
this country,
to track down these weekly hijacks. The canned Email has resulted in
some feedback
where the hijack is found to be a prepending syntax error, or a lab
config slipping
through to production, but still a majority are supposed malicious and
we never
hear back.
Seeing AS paths of the prefix hijacks would be helpful, but we're not
aware of where
we can get to them and offer the Email response asking the victim to
inquire locally.
thanks
On 5/30/20 2:09 PM, William Herrin wrote:
On Fri, May 29, 2020 at 8:40 AM Justin Wilson (Lists) <li...@mtin.net> wrote:
Here is where the philosophy comes into play. The very terse e-mail we
received back was basically “As2 gets hijacked a lot and it’s not our problem”.
So my question for the NANOG folks. At what point do you say “it’s not your
problem” when it involves your ASN?
The point where someone who isn't you is both hijacking your ASN *and*
someone else's prefix? Have you confirmed that the hijack actually
came from UDel, that the AS path matches one that's legitimate for
UDel? The guy hijacking your route doesn't have to list just one AS as
the origin; he can' list an entire chain.
Regards,
Bill Herrin
--
Mike Davis
IT - University of Delaware - 302.831.8756
Newark, DE 19716 Email da...@udel.edu
