This is just a quick post to address some of the emails I’ve received today. Quite a bit of BGPmon.net users have received a notification regarding a possible hijack of their address space.
On Friday January 14th AS4761, INDOSAT-INP-AP, started to originate a large number of new prefixes. A quick check show that AS4761 originated approximately 2800 new unique prefixes of 824 unique Autonomous systems. Whereas normally they originate approximately 100 prefixes.
The announcements happened between 12:19 and 12:57 PM UTC. Some prefixes were affected longer than others,
The geographic impact of these announcements varies per prefix. Some were seen by only a few peers, where others were seen by up to 50 peers geographically dispersed all over the world. Some of the networks affected are 18.104.22.168/24 (Google open resolver), a number of AS20940 Akamai prefixes, Amazon prefixes, Cisco, DoD, US Senate, American Express, General Electric and many others.
Wondering if your network was affected by this? Here you’ll find a list of all affected networks.
A number of the transit providers of AS4761 accepted these prefixes. This is the distribution:
|Number of unique prefixes
||TWGATE-AP Taiwan Internet Gateway
||SEABONE-NET TELECOM ITALIA SPARKLE S.p.A.
||PCW Global / BTN-ASN - Beyond The Network America, Inc.
||STARHUBINTERNET-AS StarHub Internet Exchange
||ATT-INTERNET4 - AT&T Services, Inc.
||CW Cable and Wireless Worldwide plc
||GLOBEINTERNET TATA Communications
||HUTCHISON-AS-AP Hutchison Global Communications