Enforcing the First AS in BGP AS_PATHs

This report analyzes recent BGP route hijacks that used forged AS_PATHs and unused ASNs to misdirect traffic, documents concrete examples (including paths involving AS199524/Gcore and Cloudflare’s ASN), describes measurements where Cloudflare purposely injected malformed first-AS announcements to test which Tier 1 networks accept them (finding roughly half accepted), explains vendor default behaviors, and urges operators to enforce First AS checking as an effective mitigation.