It could just be a typo on the LOA. It seems unlikely any ISP would approve a forged LOA that could readily be debunked by contacting the IP space owner. The whole point of LOA’s is to facilitate this verification.
-mel via cell > On Mar 9, 2021, at 10:01 AM, Brian Turnbow via NANOG <nanog@nanog.org> wrote: > > Hello everyone, > > We received a strange request that I wanted to share. > An email was sent to us asking to confirm a LOA from a diligent ISP. > The Loa was a request to open bgp for an AS , that is not ours, to announce a > /23 prefix that is ours. > So basically this entity sent to their upstream a request to announce a > prefix from one our allocated ranges. > We have the allocation correctly registered and ROAs in place , but it is > worrisome that someone would attempt this. > Obviously we have informed the ISP that the LOA is not valid and are trying > to contact the originating party. > Aside from RIRs for the offending AS and our IPs, Is there anywhere to > report this type of activity? > We have dealt with hijacking technically speaking in the past but this is the > first time, to my knowledge, of someone forging a LOA with our IPs. > > Thanks in advance for any advice > > Brian > > P.S. a big thanks to Chris for checking the boxes before activating the > filter if you are on the list! > > > >
