What Is IPv4 Hijacking?
IPv4 hijacking (also known as BGP hijacking or IP prefix hijacking) occurs when someone announces your IP address space from their network without authorization. This can divert your traffic, enable phishing attacks, or be used for spam campaigns.
Types of Hijacking
BGP Prefix Hijacking
An attacker announces your exact prefix (e.g., your /24) from their AS number. Some routers on the internet may prefer the hijacker's route, directing traffic to the wrong network.
Sub-Prefix Hijacking
An attacker announces a more-specific prefix within your block (e.g., a /25 within your /24). Routers forward traffic along the most specific matching route, so the more-specific announcement is always preferred in BGP, making this particularly effective.
Idle Address Space Hijacking
Unannounced or dormant IP blocks are especially vulnerable. Attackers target blocks that have not been announced for extended periods, betting that the legitimate holder is not monitoring them.
How to Detect Hijacking
- BGP monitoring: Use services like BGPStream, RIPEstat, or bgp.he.net to track announcements of your prefixes
- RPKI monitoring: Monitor RPKI validity status for your prefixes
- Blacklist monitoring: Continuous monitoring can alert you if your IPs appear on blacklists due to hijacker abuse
- Traffic anomalies: Unexpected traffic patterns or loss of connectivity may indicate hijacking
How to Protect Against Hijacking
1. Create RPKI ROAs
This is the single most effective protection. A Route Origin Authorization (ROA) cryptographically certifies which AS is authorized to announce your prefix. Networks that validate RPKI will reject unauthorized announcements.
2. Monitor Your Prefixes
Set up alerts for any BGP activity involving your address space. Early detection is crucial.
3. Keep Your RIR Records Updated
Ensure your RIPE/ARIN/APNIC records accurately reflect your ownership and contact information.
4. Announce Your Space (Even If Not In Use)
If you hold IP blocks that are not actively used, consider announcing them with appropriate ROAs. Unannounced space is the easiest target for hijackers.
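How a validating network classifies announcements against your ROAs, following the route origin validation procedure of RFC 6811. This is an added example, not code from the original page; the ROAs, prefixes (documentation ranges) and AS numbers are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed ROAs: (prefix, maxLength, authorized origin AS).
# Documentation prefixes and AS numbers, not real allocations.
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 64500),
]

# Constructed BGP announcements as a monitor might see them: (prefix, origin AS).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),     # holder's own announcement
    ("192.0.2.0/24", 64511),     # exact prefix, unauthorized origin
    ("192.0.2.128/25", 64511),   # more-specific, unauthorized origin
    ("192.0.2.128/25", 64500),   # authorized origin, but longer than maxLength
    ("203.0.113.0/24", 64511),   # space with no ROA at all
]


def validate_origin(prefix, origin_as, roas):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        if roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but no match: invalid. No covering ROA: not-found.
    return "invalid" if covered else "not-found"


def alerts(announcements, roas):
    """Return every announcement that is not RPKI-valid, with its state."""
    out = []
    for prefix, origin_as in announcements:
        state = validate_origin(prefix, origin_as, roas)
        if state != "valid":
            out.append((prefix, origin_as, state))
    return out


if __name__ == "__main__":
    for prefix, origin_as, state in alerts(ANNOUNCEMENTS, ROAS):
        print(f"{state:9} {prefix:18} AS{origin_as}")
```

The block without a ROA comes back as not-found rather than invalid, so validating networks have no basis to reject it. The /25 from the authorized AS is invalid because it exceeds the ROA's maxLength, so set maxLength to match what you actually announce.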
What to Do If Hijacked
- Verify the hijack using BGP looking glass tools
- Create or verify your RPKI ROA immediately
- Contact your RIR to report the unauthorized announcement
- Contact the network where the hijack originates (abuse contact)
- Notify your upstream providers
- Document everything for potential legal action
Protect your IPv4 investment with proper security. Set up monitoring and ensure your RPKI ROAs are configured correctly.