Differentiate route leaks from route hijacks with examples.

Master RIPE BGP Security with our comprehensive test. Understand the Border Gateway Protocol, explore multiple choice questions, and get ready for your exam with detailed hints and explanations.

Multiple Choice

Differentiate route leaks from route hijacks with examples.

Explanation:
Route leaks happen when routing information is shared beyond what was intended, usually due to a misconfiguration or policy mistake. This means prefixes owned by one party become visible or usable by other parts of the Internet or by other providers, not because someone is trying to do harm, but because the way routes are learned and redistributed was incorrect. For example, a network might learn a customer’s prefix via an internal iBGP session and, because a route-policy or filter is misconfigured, advertise it to another provider. That unintended advertisement makes the prefix reachable through paths that were never meant to carry it, leading to suboptimal or unintended traffic flows. Another common case is a provider leaking routes learned from one downstream peer to another provider, broadening the visibility of prefixes that should be contained within a limited scope.

Route hijacks, on the other hand, involve unauthorized announcements of prefixes by an AS that does not own them. This is about misrepresentation of ownership to attract traffic to the attacker’s network, often with malicious intent. A classic example is an AS announcing prefixes it does not own, causing traffic destined for those prefixes to route toward the rogue network. The traffic can then be intercepted, dropped, or altered. A well-known real-world instance was an incident where a route announcement caused global traffic to be misrouted through a provider’s network, enabling interception of traffic bound for the intended destination.

So, the key distinction is authorization: leaks are unintended disclosures of legitimate prefixes due to misconfiguration, while hijacks are intentional or fraudulent announcements by an actor asserting ownership of prefixes they do not own.
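As an added illustration (not part of the original explanation), the distinction can be written as two separate checks on a received announcement: is the origin AS authorized for the prefix, and did any AS on the path re-export a provider or peer route to another provider or peer. The ROA table, AS relationships, ASNs and prefixes below are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: RFC 5737 prefix and RFC 5398 documentation ASNs.
ROAS = [("192.0.2.0/24", 24, 64500)]        # (prefix, max length, authorized origin)
PROVIDERS = {64500: {64501}, 64503: {64501, 64502}}   # customer -> its providers
PEERS = {frozenset((64501, 64502))}

def origin_state(prefix, origin):
    """Route origin validation in the style of RFC 6811."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in ROAS:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True
            if origin == roa_as and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"

def role(asn, neighbor):
    """What `neighbor` is from the point of view of `asn`."""
    if neighbor in PROVIDERS.get(asn, ()):
        return "provider"
    if asn in PROVIDERS.get(neighbor, ()):
        return "customer"
    return "peer" if frozenset((asn, neighbor)) in PEERS else None

def leaking_as(as_path, observer):
    """Return the AS that re-exported a provider/peer route to another
    provider/peer (a valley-free violation), or None."""
    hops = list(reversed(as_path)) + [observer]      # origin first
    for prev, mid, nxt in zip(hops, hops[1:], hops[2:]):
        if role(mid, prev) in ("provider", "peer") and role(mid, nxt) in ("provider", "peer"):
            return mid
    return None

def classify(prefix, as_path, observer):
    """as_path is in BGP order: nearest AS first, origin AS last."""
    if origin_state(prefix, as_path[-1]) == "invalid":
        return "hijack"          # origin AS is not authorized for this prefix
    leaker = leaking_as(as_path, observer)
    return f"leak by AS{leaker}" if leaker else "ok"
```

Origin validation alone does not catch an announcement whose forged path ends in the authorized origin AS, and neither check can tell intent from the routing data.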