Re: [EXT] AS hijacking (Philosophy, rants, GeoMind)

[Christopher Morrow <morrowc.lists () gmail com>]

are you sure it was really udel? and not someone pretending to be udel
from a random IX peering?

On Fri, May 29, 2020 at 12:03 PM Justin Wilson (Lists) <lists () mtin net> wrote:
> I will probably just get another link to https://isbgpsafeyet.com/ like I did in the first e-mail. LOL
>
>
> Justin Wilson
> j2sw () mtin net
>
> —
> https://j2sw.com - All things jsw (AS209109)
> https://blog.j2sw.com - Podcast and Blog
>
> On May 29, 2020, at 11:57 AM, Chuck Anderson <cra () WPI EDU> wrote:
>
> Go back to them and tell them that a hijacked prefix is different from a hijacked AS.
>
> On Fri, May 29, 2020 at 11:39:46AM -0400, Justin Wilson (Lists) wrote:
>
> One of the companies I work for recently had an issue with AS 2 (University of Delaware) hijacking a prefix.  Due to 
> Origin AS, good upstreams, and the like this has not really affected the traffic to the legit blocks.  However, 
> GeoMind picked this up almost immediately it seems.  The IP blocks when you go to speedtest.net come back to the 
> university of Delaware. This seems to be the only issue at the moment so we are working through contacting the peers 
> of AS2 and asking them to look into this.  We had also contacted University of Delaware.
>
> Here is where the philosophy comes into play.  The very terse e-mail we received back was basically “As2 gets 
> hijacked a lot and it’s not our problem”. So my question for the NANOG folks.  At what point do you say “it’s not 
> your problem” when it involves your ASN?
>
> Rant
> I almost always have issues with GeoMind and others when it comes to IP space.  Several of my folks have received 
> allocations from Arin in March.  A few are still fighting with geolocation stuff with a few of the providers.  So why 
> does GeoMind atomically accept a hijacked prefix as correct? All the right boxes have been ticked.  Origin 
> Validiation, registry sets, etc.