‘Hijack’ by AS4761 – Indosat, a quick report
This is just a quick post to address some of the emails I’ve received today. Quite a bit of BGPmon.net users have received a notification regarding a possible hijack of their address space.
On Friday January 14th AS4761, INDOSAT-INP-AP, started to originate a large number of new prefixes. A quick check show that AS4761 originated approximately 2800 new unique prefixes of 824 unique Autonomous systems. Whereas normally they originate approximately 100 prefixes.
The announcements happened between 12:19 and 12:57 PM UTC. Some prefixes were affected longer than others,
The geographic impact of these announcements varies per prefix. Some were seen by only a few peers, where others were seen by up to 50 peers geographically dispersed all over the world. Some of the networks affected are 18.104.22.168/24 (Google open resolver), a number of AS20940 Akamai prefixes, Amazon prefixes, Cisco, DoD, US Senate, American Express, General Electric and many others.
Wondering if your network was affected by this? Here you’ll find a list of all affected networks.
A number of the transit providers of AS4761 accepted these prefixes. This is the distribution:
|Number of unique prefixes||transit_AS||AS Name|
|2211||AS9505||TWGATE-AP Taiwan Internet Gateway|
|1299||AS6762||SEABONE-NET TELECOM ITALIA SPARKLE S.p.A.|
|1142||AS3491||PCW Global / BTN-ASN – Beyond The Network America, Inc.|
|685||AS4657||STARHUBINTERNET-AS StarHub Internet Exchange|
|584||AS7018||ATT-INTERNET4 – AT&T Services, Inc.|
|330||AS1273||CW Cable and Wireless Worldwide plc|
|154||AS6453||GLOBEINTERNET TATA Communications|
|88||AS9304||HUTCHISON-AS-AP Hutchison Global Communications|