nanog mailing list archives

RE: Hijacked Network Ranges - paging Cogent and GBLX/L3


From: Manish Karir <mkarir () merit edu>
Date: Tue, 31 Jan 2012 15:30:57 -0500


You can take a closer look at the aspaths (lengths) to various global locations by looking at the following:

http://bgptables.merit.edu/prefix.php?z=&z=&prefixcw=208.110.48.0/20&view=all&count=1000
http://bgptables.merit.edu/prefix.php?z=&z=&prefixcw=63.246.112.0/20&view=all&count=1000
http://bgptables.merit.edu/prefix.php?z=&z=&prefixcw=68.66.112.0/20&view=all&count=1000

Hope that helps.

-manish



Message: 7
Date: Tue, 31 Jan 2012 22:06:03 +0200
From: Ido Szargel <ido () oasis-tech net>
To: "Schiller, Heather A" <heather.schiller () verizon com>, Kelvin
      Williams <kwilliams () altuscgi com>, "nanog () nanog org" <nanog () nanog org>
Subject: RE: Hijacked Network Ranges  - paging Cogent and GBLX/L3

I would go at first by advertising your prefixes as a /24 as well. I just
randomly checked 2 different locations and the as-path to 11325 is shorter
than to 33611.
This seems to be the case for customers of Tiscali and L3, so this will
probably get most of your traffic back to you...

Regards,
Ido

-----Original Message-----
From: Kelvin Williams [mailto:kwilliams () altuscgi com]
Sent: Tuesday, January 31, 2012 1:01 PM
To: nanog () nanog org
Subject: Hijacked Network Ranges

Greetings all.

We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek Internet
Exchange) immediately filter out network blocks that are being advertised by
AS33611 (SBJ Media, LLC) who provided to them a forged LOA.

The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and
68.66.112.0/20 are registered in various IRRs all as having an origin AS
11325 (ours), and are directly allocated to us.

The malicious hijacking is being announced as /24s therefore making route
selection pick them.

Our customers and services have been impaired.  Does anyone have any
contacts for anyone at Cavecreek that would actually take a look at ARIN's
WHOIS, and IRRs so the networks can be restored and our services back in
operation?

Additionally, does anyone have any suggestion for mitigating in the interim?
Since we can't announce as /25s and IRRs are apparently a pipe dream.

--
Kelvin Williams
Sr. Service Delivery Engineer
Broadband & Carrier Services
Altus Communications Group, Inc.


"If you only have a hammer, you tend to see every problem as a nail." --
Abraham Maslow
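
Added example, not part of the original thread: a simplified Python model of the route selection discussed above, showing why the /24 announcements from AS33611 win over the registered /20s and why also announcing /24s from AS11325 brings traffic back wherever its AS path is shorter. The AS paths and the transit ASNs 64500/64501 are constructed for illustration; real BGP compares local preference and other attributes before AS-path length.

```python
import ipaddress

# Registered origins as stated in the thread (IRR origin AS 11325).
REGISTERED = {"208.110.48.0/20": 11325, "63.246.112.0/20": 11325,
              "68.66.112.0/20": 11325}

def route(prefix, as_path):
    return {"prefix": ipaddress.ip_network(prefix), "as_path": as_path}

def best_route(rib, dst):
    """Simplified selection: longest matching prefix, then shortest AS path."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in rib if addr in r["prefix"]]
    if not matches:
        return None
    return min(matches,
               key=lambda r: (-r["prefix"].prefixlen, len(r["as_path"])))

def origin_for(rib, dst):
    """Origin AS (last hop of the AS path) of the route chosen for dst."""
    r = best_route(rib, dst)
    return r["as_path"][-1] if r else None

def unexpected_origins(rib, registered=REGISTERED):
    """Flag routes inside a registered block whose origin AS differs."""
    alerts = []
    for r in rib:
        for block, origin in registered.items():
            inside = r["prefix"].subnet_of(ipaddress.ip_network(block))
            if inside and r["as_path"][-1] != origin:
                alerts.append((str(r["prefix"]), r["as_path"][-1], origin))
    return alerts

# Constructed view from one vantage point (not real routing data).
RIB_HIJACKED = [
    route("208.110.48.0/20", [64501, 11325]),         # legitimate aggregate
    route("208.110.48.0/24", [64500, 19181, 33611]),  # more-specific hijack
]
# Mitigation suggested in the thread: the owner announces the /24 as well.
RIB_MITIGATED = RIB_HIJACKED + [route("208.110.48.0/24", [64501, 11325])]

if __name__ == "__main__":
    print("hijacked :", origin_for(RIB_HIJACKED, "208.110.48.10"))
    print("mitigated:", origin_for(RIB_MITIGATED, "208.110.48.10"))
    print("alerts   :", unexpected_origins(RIB_MITIGATED))
```

The origin check keeps alerting after the mitigation because the AS33611 route is still present in the table; it only loses the tie-break at vantage points where the path to AS11325 is shorter.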

