Shutting Down the BGP Hijack Factory

Well its nice that they are now shut down, although the process seems to been fairly slow and arduous. They were already identified as misbehaving in 2014, getting kicked out from deixp in 2017, and only now disconnected by transits. And even in the latest episode they could play this game of cat and mouse for a (short) while. And what if Guilmette wouldn&#x27;t had noticed this, or bothered to rant on nanog, would that happened at all?<p>I&#x27;m not sure what to do improve the situation, but there definitely seems like a need for improvement.

I fail to understand why there is no quick and official way to terminate such bad actors. Isn’t there a task force for monitoring and enforcing some rules? There should be a SPoC for every AS, available 24&#x2F;7 so that such notorious players are kicked out immediately. We live in an age where everything can be traced and monitored and we allow BGP hijacking and other similar acts. Oh well, my romantic idea for a properly moderated network.

I have worked for a medium size ISP for many years (3 upstream Tier-1 provider, presence on 2 IXP) and we sometimes suffer from BGP hijaking. We had developed a software that every hour checks the BGP prefix assigned to every peer and update the BGP filter automatically. It takes some time to engineering it and develop but after then, it works like a charm.

So... what were they doing with the hijacks? Using it to evade IP reputation bans for spamming?

If they have been bad actors for years why didn&#x27;t they lose access earlier?

Bitcanal sounds like an appropriately terrible name as it sounds like root canal... but for bits.<p>BGP really needs some more organized security, but that&#x27;s nothing new, and i&#x27;m sure not super easy to organize.

And yet still being peered - <a href="https:&#x2F;&#x2F;bgp.he.net&#x2F;AS197426#_peers" rel="nofollow">https:&#x2F;&#x2F;bgp.he.net&#x2F;AS197426#_peers</a>

No comments about the cookie warning&#x2F;opt-out modal on the page? Perhaps it&#x27;s only visible in the EU?<p>The thing explicitly takes ~2-3mins to send a HTTP POST to each of their advertising partners saying you&#x27;ve opted out (and warns &quot;Some vendors cannot receive opt-out requests via https protocols so the processing of your opt-out request is incomplete&quot;)... lovely.

We have RIPE and other IANA organizations that have routing objects in their databases with information about through which ASN certain classes are announced, there are also LOAs. GTT and Cogent are huge Tier-1 providers, why they do not check which classes their clients are announcing? Am I missing something here?

<a href="http:&#x2F;&#x2F;www.bitcanal.com" rel="nofollow">http:&#x2F;&#x2F;www.bitcanal.com</a> is down.<p>Did they host it in their AS and now their AS is unreachable?