nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hijacked Network Ranges

From: PC <paul4004 () gmail com>
Date: Tue, 31 Jan 2012 11:22:13 -0700
Many/most transit providers filter prefixes longer than /24, so the
effectiveness may be minimal.

At the very least I'd advertise /24s yourself because if the forger is
geographically further away, some local sites may still work.  Better than
nothing.



On Tue, Jan 31, 2012 at 11:19 AM, Grant Ridder <shortdudey123 () gmail com>wrote:


Hi,

What is keeping you from advertising a more specific route (i.e /25's)?

-Grant

On Tue, Jan 31, 2012 at 12:00 PM, Kelvin Williams <kwilliams () altuscgi com

wrote:



Greetings all.

We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek

Internet

Exchange) immediately filter out network blocks that are being advertised
by ASAS33611 (SBJ Media, LLC) who provided to them a forged LOA.

The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and
68.66.112.0/20 are registered in various IRRs all as having an origin AS
11325 (ours), and are directly allocated to us.

The malicious hijacking is being announced as /24s therefore making route
selection pick them.

Our customers and services have been impaired.  Does anyone have any
contacts for anyone at Cavecreek that would actually take a look at ARINs
WHOIS, and IRRs so the networks can be restored and our services back in
operation?

Additionally, does anyone have any suggestion for mitigating in the
interim?  Since we can't announce as /25s and IRRs are apparently a pipe
dream.

--
Kelvin Williams
Sr. Service Delivery Engineer
Broadband & Carrier Services
Altus Communications Group, Inc.


"If you only have a hammer, you tend to see every problem as a nail." --
Abraham Maslow
Previous By Date Next
Previous By Thread Next

Current thread: