nanog mailing list archives
Re: BGPMON Alert Questions
From: Blake Dunlap <ikiris () gmail com>
Date: Wed, 2 Apr 2014 15:24:44 -0500
Saw this as well on my blocks. Is this malicious or did someone redistribute all of bgp with bad upstream filtering? On Wed, Apr 2, 2014 at 3:16 PM, James Laszko <jamesl () mythostech com> wrote:
I have someone from cat.net.th on the phone and he doesn't speak a lot of English and I don't speak any Thai..... He knew what indosat was and their AS number. He further stated he got my email (never told him who I was), but he said he would be replying ASAP. We only had one /24 announced by indosat. James Laszko Mythos Technology Inc Sent from my iPadOn Apr 2, 2014, at 1:08 PM, "Bryan Tong" <contact () nullivex com> wrote: Another 5 of ours just got hit. Anyone have any ideas on what will be done about it?On Wed, Apr 2, 2014 at 1:18 PM, Frank Bulk <frnkblk () iname com> wrote: bgpmon has tweeted that "We're currently observing a large hijack event. Indosat AS4761 originating many prefixes not assigned to them." Let's hope that AS4651 can quickly apply filters. Frank -----Original Message----- From: David Hubbard [mailto:dhubbard () dino hostasaurus com] Sent: Wednesday, April 02, 2014 2:03 PM To: Joseph Jenkins; nanog () nanog org Subject: RE: BGPMON Alert Questions If you contact bgpmon support you may be able to get some more in-depth information. I've contacted them before with alerts like those and they were able to give me specific date, time, ASN and interface information about the peering points that received the announcements; that might help make you present to the suspect party more likely to be acted upon. -----Original Message----- From: Joseph Jenkins [mailto:joe () breathe-underwater com] Sent: Wednesday, April 02, 2014 2:52 PM To: nanog () nanog org Subject: BGPMON Alert Questions So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly. I am assuming I should be contacting the provider about their misconfiguration and announcing my prefixes and get them to fix it. Any other recommendations? Is there a way I can verify what they are announcing just to make sure they are still doing it? Here is the alert for reference: Your prefix: 8.37.93.0/24: Update time: 2014-04-02 18:26 (UTC) Detected by #peers: 2 Detected prefix: 8.37.93.0/24 Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH) ASpath: 18356 9931 4651 4761-- eSited LLC (701) 390-9638
Current thread:
- RE: BGPMON Alert Questions, (continued)
- RE: BGPMON Alert Questions eric-list (Apr 02)
- RE: BGPMON Alert Questions Kate Gerry (Apr 02)
- Re: BGPMON Alert Questions Andree Toonk (Apr 02)
- Re: BGPMON Alert Questions Seth Mattinen (Apr 02)
- RE: BGPMON Alert Questions Chris Burton (Apr 02)
- Re: BGPMON Alert Questions Olivier Benghozi (Apr 02)
- RE: BGPMON Alert Questions David Hubbard (Apr 02)
- RE: BGPMON Alert Questions Frank Bulk (Apr 02)
- Re: BGPMON Alert Questions Bryan Tong (Apr 02)
- Re: BGPMON Alert Questions James Laszko (Apr 02)
- Re: BGPMON Alert Questions Blake Dunlap (Apr 02)
- Re: BGPMON Alert Questions Curtis Doty (Apr 02)
- Re: BGPMON Alert Questions Peter Tavenier (Apr 02)
- RE: BGPMON Alert Questions Frank Bulk (Apr 02)
- Re: BGPMON Alert Questions James Laszko (Apr 02)
- Re: BGPMON Alert Questions Bob Evans (Apr 02)
- Re: BGPMON Alert Questions Seth Mattinen (Apr 02)
- Re: BGPMON Alert Questions Bryan Tong (Apr 02)
- Re: BGPMON Alert Questions Laszlo Hanyecz (Apr 02)
- Re: BGPMON Alert Questions Justin M. Streiner (Apr 02)
- Re: BGPMON Alert Questions joel jaeggli (Apr 02)
- Re: BGPMON Alert Questions Mark Tinka (Apr 03)