Yeah, ARDC sold part of it to Amazon. I doubt they even had right to do so due to 44/8 was an legacy IP range.. ARIN allowed it.. All too shady.
Anyway, according to AMPRnet that range was unallocated, so no active radio ham networks were at that range, so I doubt it was someone from AMPRnet. Getting parts of 44/8 reannounced by different gw than ucsd.edu is not that easy after all. ---------- Original message ---------- From: Ellenor Agnes Bjornsdottir <large.hadron.colli...@gmx.com> To: nanog@nanog.org Subject: Amprnet? (was Re: [anti-abuse-wg] Yet another BGP hijacking towards AS16509) Date: Tue, 30 Aug 2022 04:13:24 +0000 Wasn't 44/8 the space for AMPRNet? I looked it up and they sold part of it to Amazon. Ok. Got it. Possible that a potential highjack could be a good faith radio ham who hasn't somehow been updated on the sale of that space? Or more likely to be a malicious highjack? On 8/23/22 02:05, Siyuan Miao wrote: > Amazon was only announcing 44.224.0.0/11 <http://44.224.0.0/11> at first. > > https://bgp.tools/prefix/44.235.216.0/24 > > On Tue, Aug 23, 2022 at 4:03 AM Ronald F. Guilmette > <r...@tristatelogic.com> wrote: > > In message > <cao3camot9gc_evd-cczg06a-o_majmltxlhbxfnaudomyqo...@mail.gmail.com>, > Siyuan Miao <siy...@misaka.io> wrote: > > >Hjacking didn't last too long. AWS started announcing a more specific > >announcement to prevent hijacking around 3 hours later. Kudos to > Amazon's > >security team :-) > > Sorry. I'm missing something here. If the hijack was of > 44.235.216.0/24 <http://44.235.216.0/24>, then > how did AWS propagate a "more specific" than that? > > > Regards, > rfg > > -- > > To unsubscribe from this mailing list, get a password reminder, or > change your subscription options, please visit: > https://lists.ripe.net/mailman/listinfo/anti-abuse-wg >