In FORT Monitor monthly report we prepare a summary with the most relevant data from last month.
If you'd like to receive this report on a monthly basis, click the button to subscribe.
Route hijacks are estimated based on RPKI validation data. If an announcement is identified as invalid, it is considered a potential route hijack. There are two possible reasons for this: the origin autonomous system is not authorized to announce the route, or the announced prefix is too specific (the maximum length is exceeded). But what about the announcements that are not covered by RPKI? For these cases, we use information from the Internet Route Registries ( IRR ) to validate whether the announcements are recorded. If there is a record in the IRR that matches the announcement (same origin ASN and same prefix length), then it is labeled as IRR-valid. If there are records but these records contradict this information, then it is considered as IRR-invalid. If the prefix is not registered in an IRR, it is considered as IRR-not found. In such cases, potential route hijacks are not considered, but they are reported as anomalies.
The unit used to perform the calculations is the Prefix/Origin AS pair.
The 3 most announced hijacks of the month are: