BGP Incident:
Summary:Syrian national Telecommunications Establishment hijacks
Start:2014-12-09 08:37:00

The Syrian national Telecommunications Establishment (STE) has been in the news numerous times over the last few years, mostly because of the long lasting large scale Internet outages in Syria. This morning however we observed a new incident involving the two Autonomous systems for STE (AS29386 and AS29256). Starting at 08:33 UTC we detected that hundreds of new prefixes were being announced by primarily AS 29386. The new BGP announcements by STE (AS29386) were for prefixes that are not owned or operates by the Syrian Telco and as a result triggered ‘hijack / origin AS’ alerts for numerous BGPmon users. The announcements lasted for a few minutes only and we saw paths changing back to the original origin AS at about 08:37 UTC.

Affected ASes
ASHow Affected
29386One attack source
29256A second attack source
Affected AS 'Route Views' Connection Map

(note: not all connections may be shown for big graphs)