
How effective is this? Looking at https://bgp.he.net/ip/1.1.1.1, 1.1.1.0/24 is apparently "ROA Signed and Valid". I don't know a lot about BGP. Does this mean hijacking this subnet is a bit harder than unsigned ones because some or all ISPs verify this announcement? Or is it faster/easier to detect?

Maybe a wider question: is there some way to prevent BGP hijacking?




Basically, the bigger Chinese ISPs that are upstream of this small one which is making the false 1.1.1.0/24 announcement are not actually verifying that this small ISP is allowed to announce the space.

As for prevention, the only thing that will work is proper use of IRR/route registries and RPKI validation of peer announcements. Which a great many ISPs do not currently do.

https://www.noction.com/blog/bgp-hijacking

The other method is more blunt, and can be more effective if the people with 'enable' on various ASNs' core and edge routers actually have a spine. ISPs which repeatedly announce space that they're not allocated (as per RIPE, ARIN, APNIC, AFRINIC records) should be depeered by their local peers, and their owners/operators publicly shamed. It's a reputation thing. As a neighbor of other, more clueful ISPs, it's basically the same thing as being a bad neighbor by leaving garbage all over your front lawn and causing a public nuisance with loud parties and trashy behavior.


In short, not many networks are checking signatures because not many networks are publishing them. Take a look at this presentation from 2009.

http://www.ausnog.net/sites/default/files/ausnog-03/presenta...

I've been out of the space for almost as long, so would love to be wrong, but I think it's fair to say that not much has improved on this front since then.


RADb or some other RIR database registration is what my company requires. This won't really stop bad actors, however.
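
Added example, not part of any comment in this thread: a minimal sketch of the RPKI route origin validation (RFC 6811) that the comments say upstream ISPs are not performing, showing what "ROA Signed and Valid" means for an announcement of 1.1.1.0/24. The ROA table and AS numbers are constructed (documentation ASNs: AS64500 stands in for the legitimate origin, AS64511 for the ISP making the false announcement), and the function names are hypothetical.

```python
import ipaddress
from typing import Iterable, NamedTuple


class VRP(NamedTuple):
    """Validated ROA Payload: one (prefix, maxLength, origin AS) entry."""
    prefix: ipaddress.IPv4Network
    max_length: int
    asn: int


# Constructed sample data, not real RPKI contents.
SAMPLE_VRPS = [VRP(ipaddress.ip_network("1.1.1.0/24"), 24, 64500)]


def validate_origin(route_prefix: str, origin_asn: int,
                    vrps: Iterable[VRP]) -> str:
    """Return 'valid', 'invalid' or 'not-found' per RFC 6811."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        # A VRP covers the route if the route is equal to or inside its prefix.
        if vrp.prefix.version != route.version:
            continue
        if not route.subnet_of(vrp.prefix):
            continue
        covered = True
        # Match needs the same origin AS (AS0 never matches) and a route
        # no more specific than the ROA's maxLength.
        if (vrp.asn == origin_asn and vrp.asn != 0
                and route.prefixlen <= vrp.max_length):
            return "valid"
    # Covered by a ROA but no match: invalid. No covering ROA: not-found.
    return "invalid" if covered else "not-found"


def accept_route(route_prefix: str, origin_asn: int,
                 vrps: Iterable[VRP]) -> bool:
    """Import policy of a network that drops RPKI-invalid routes.

    'not-found' is still accepted, which is why unsigned prefixes get no
    protection from validating networks.
    """
    return validate_origin(route_prefix, origin_asn, vrps) != "invalid"


if __name__ == "__main__":
    for prefix, asn in [("1.1.1.0/24", 64500), ("1.1.1.0/24", 64511),
                        ("1.1.1.0/25", 64500), ("192.0.2.0/24", 64511)]:
        print(prefix, f"AS{asn}", validate_origin(prefix, asn, SAMPLE_VRPS))
```

A network that applies `accept_route` on import discards the false 1.1.1.0/24 announcement; a network that does not validate propagates it regardless of the ROA.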



