Honestly where to even begin… All of my research runs on my own ASN and through 2-3 prefixes that I operate. Being my own ISP gives me the flexibility and mobility required to do possibly stupid things without upsetting or interrupting any potential upstream/provider.

Now that we’re on the same page let’s go to the juicy stuff.

The internet runs as a bunch of loosely connected independent networks, each identified by its ASN (Autonomous System Number - catchy right?). While there are many ways to exchange routes between two networks, the one used by “The Internet” is BGP (Border Gateway Protocol); it really isn’t that important, as ultimately all protocols rely on Trust alone.

While the RIRs are the Authority to provide IPs and ASNs and regulate Route Objects (who can announce which IPs), there is no real way of verifying this between two BGP Peers.

This means that I will always trust that my peer is not going to announce bogus routes (whether they don’t exist or are somebody else’s).

This was the Status Quo for a long time until RPKI became a thing. With RPKI the RIRs issue cryptographically signed objects that attest who can announce what and provide this information in a consumable form for BGP processes (well some vendors, not all yet sadly).

RPKI is still Opt-In, albeit highly recommended by most, which means some don’t opt in and others don’t bother checking. So BGP Hijacking is still very much a thing.
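The origin check described above, as an added example rather than code from the original post: RFC 6811 route origin validation over a constructed set of ROA payloads. The prefixes and ASNs are documentation values, and the names `VRP`, `validate` and `accepted` are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA Payload: one (prefix, maxLength, origin AS) authorization."""
    prefix: str
    max_length: int
    asn: int


# Constructed VRPs using documentation prefixes and ASNs, not real allocations.
VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("2001:db8::/32", 48, 64497),
]


def validate(route_prefix: str, origin_asn: int, vrps=VRPS) -> str:
    """Classify an announcement as valid, invalid or not-found (RFC 6811)."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue  # this VRP says nothing about the announced prefix
        covered = True
        if vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered by a ROA but no match: wrong origin or too specific.
    return "invalid" if covered else "not-found"


def accepted(announcements, enforce_rov: bool, vrps=VRPS):
    """Return the announcements a peer keeps; only 'invalid' is ever dropped."""
    return [a for a in announcements
            if not (enforce_rov and validate(*a, vrps) == "invalid")]


if __name__ == "__main__":
    # Constructed announcements: (prefix, origin AS)
    seen = [("192.0.2.0/24", 64496),    # legitimate origin
            ("192.0.2.0/24", 64511),    # someone else's AS originating a signed prefix
            ("192.0.2.0/25", 64496),    # more specific than maxLength allows
            ("203.0.113.0/24", 64511)]  # prefix with no ROA at all
    for a in seen:
        print(a, validate(*a))
    print("enforcing peer keeps:", accepted(seen, True))
    print("non-checking peer keeps:", accepted(seen, False))
```

Only announcements classified `invalid` are dropped, so a prefix with no ROA is accepted even by a peer that enforces validation, and a peer that does not check accepts everything.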

Now why the hell am I rambling about all of this? Get to the point already right?

On 2024-06-21 a Brazilian ISP decided it would be real fun to BGP Hijack about 32k routes - amongst others, mine.

This is a very poor attempt at blocking out TOR as all the Hijacks were where TOR nodes are located.

The ISP in question is AS262872 (Digicontrol). To make matters worse, AS262872 does NOT operate valid Abuse/NOC handling. I’ve been trying to reach out to them for days and got no response (likely because they block my network, convenient right?…)

I’ve reached out to AS262872’s Upstreams as well, noting that some of them are operating the same mailbox and some straight up say that abuse@ does not exist.

Ultimately I’ve now reached out to Cert.br as well as NIC.br and also ARIN - Tech-C and Abuse-C are required to be correct and available.