nanog mailing list archives

RE: Hijacked Network Ranges - paging Cogent and GBLX/L3


From: "Schiller, Heather A" <heather.schiller () verizon com>
Date: Tue, 31 Jan 2012 14:29:40 -0500


Or roll it up hill:

33611 looks like they get transit from 19181, whose only upstream appears to be 12189.
12189 gets connectivity from 174 and 3549.

174 = Cogent
3549 = GBLX/L3

 --Heather

-----Original Message-----
From: Kelvin Williams [mailto:kwilliams () altuscgi com] 
Sent: Tuesday, January 31, 2012 1:01 PM
To: nanog () nanog org
Subject: Hijacked Network Ranges

Greetings all.

We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek Internet
Exchange) immediately filter out network blocks that are being advertised by
AS33611 (SBJ Media, LLC) who provided to them a forged LOA.

The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and 68.66.112.0/20
are registered in various IRRs all as having an origin AS 11325 (ours), and
are directly allocated to us.

The malicious hijacking is being announced as /24s therefore making route selection pick them.

Our customers and services have been impaired.  Does anyone have any contacts for anyone at Cavecreek that would
actually take a look at ARIN's WHOIS and IRRs so the networks can be restored and our services back in operation?

Additionally, does anyone have any suggestion for mitigating in the interim?  Since we can't announce as /25s and IRRs 
are apparently a pipe dream.

--
Kelvin Williams
Sr. Service Delivery Engineer
Broadband & Carrier Services
Altus Communications Group, Inc.


"If you only have a hammer, you tend to see every problem as a nail." --
Abraham Maslow
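
Added example, not part of the original thread: a monitoring check that flags announcements falling inside a registered prefix but originated by a different AS, then walks each AS path outward from the bad origin to list the upstreams to contact, as the reply does by hand. The registered prefixes and AS numbers come from the messages above; the specific /24s, the observer AS 64500 and the AS paths are constructed sample data.

```python
import ipaddress

# Registered prefix -> origin AS, as stated in the original message.
REGISTERED = {
    "208.110.48.0/20": 11325,
    "63.246.112.0/20": 11325,
    "68.66.112.0/20": 11325,
}

# Constructed sample: (prefix, AS path), path[0] is the observer, path[-1] the origin.
# The /24s, AS 64500/64501 and the paths themselves are made up for illustration.
OBSERVED = [
    ("208.110.48.0/20", [64500, 174, 11325]),
    ("208.110.49.0/24", [64500, 174, 12189, 19181, 33611]),
    ("63.246.115.0/24", [64500, 3549, 12189, 19181, 33611]),
    ("68.66.112.0/20", [64500, 3549, 11325]),
    ("192.0.2.0/24", [64500, 174, 64501]),
]

def find_hijacks(registered, observed):
    """Return announcements covered by a registered prefix but originated by another AS."""
    reg = [(ipaddress.ip_network(p), asn) for p, asn in registered.items()]
    findings = []
    for prefix, path in observed:
        net = ipaddress.ip_network(prefix)
        origin = path[-1]
        for covering, expected in reg:
            if net.subnet_of(covering) and origin != expected:
                findings.append({
                    "prefix": prefix,
                    "covering": str(covering),
                    "more_specific": net.prefixlen > covering.prefixlen,
                    "origin": origin,
                    # Transit ASes between origin and observer, nearest the origin first.
                    "upstreams": path[-2:0:-1],
                })
    return findings

def escalation_targets(findings):
    """Upstream ASes carrying flagged routes, de-duplicated in first-seen order."""
    order = []
    for f in findings:
        for asn in f["upstreams"]:
            if asn not in order:
                order.append(asn)
    return order

if __name__ == "__main__":
    print(escalation_targets(find_hijacks(REGISTERED, OBSERVED)))
```
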

