nanog mailing list archives
Re: BGPMON Alert Questions
From: Bryan Tong <contact () nullivex com>
Date: Wed, 2 Apr 2014 13:44:48 -0600
Just got the same for 5 of my prefixes. ==================================================================== Possible Prefix Hijack (Code: 10) ==================================================================== Your prefix: 192.225.232.0/21: Prefix Description: ARIN direct allocation Update time: 2014-04-02 19:26 (UTC) Detected by #peers: 1 Detected prefix: 192.225.232.0/21 Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH) ASpath: 18356 9931 4651 4761 Alert details: https://portal.bgpmon.net/alerts.php?details&alert_id=41651791 Mark as false alert: https://portal.bgpmon.net/fp.php?aid=41651791 ==================================================================== Possible Prefix Hijack (Code: 10) ==================================================================== Your prefix: 199.87.232.0/21: Prefix Description: Direct ARIN allocation Update time: 2014-04-02 19:26 (UTC) Detected by #peers: 1 Detected prefix: 199.87.232.0/21 Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH) ASpath: 18356 9931 4651 4761 Alert details: https://portal.bgpmon.net/alerts.php?details&alert_id=41651792 Mark as false alert: https://portal.bgpmon.net/fp.php?aid=41651792 ==================================================================== Possible Prefix Hijack (Code: 10) ==================================================================== Your prefix: 162.245.228.0/24: Update time: 2014-04-02 19:26 (UTC) Detected by #peers: 1 Detected prefix: 162.245.228.0/24 Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH) ASpath: 18356 9931 4651 4761 Alert details: https://portal.bgpmon.net/alerts.php?details&alert_id=41651793 Mark as false alert: https://portal.bgpmon.net/fp.php?aid=41651793 ==================================================================== Possible Prefix Hijack (Code: 10) ==================================================================== Your prefix: 198.44.191.0/24: Prefix Description: ARIN direct allocation Update time: 2014-04-02 19:26 (UTC) Detected by #peers: 1 Detected prefix: 198.44.191.0/24 Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH) ASpath: 18356 9931 4651 4761 Alert details: https://portal.bgpmon.net/alerts.php?details&alert_id=41651794 Mark as false alert: https://portal.bgpmon.net/fp.php?aid=41651794 ==================================================================== Possible Prefix Hijack (Code: 10) ==================================================================== Your prefix: 23.249.176.0/20: Prefix Description: ARIN direct allocation Update time: 2014-04-02 19:26 (UTC) Detected by #peers: 1 Detected prefix: 23.249.176.0/20 Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH) ASpath: 18356 9931 4651 4761 Alert details: https://portal.bgpmon.net/alerts.php?details&alert_id=41651795 Mark as false alert: https://portal.bgpmon.net/fp.php?aid=41651795 On Wed, Apr 2, 2014 at 1:12 PM, Rene Wilhelm <wilhelm () ripe net> wrote:
On 4/2/14, 8:51 PM, Joseph Jenkins wrote:So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly. I am assuming I should be contacting the provider about their misconfiguration and announcing my prefixes and get them to fix it. Any other recommendations? Is there a way I can verify what they are announcing just to make sure they are still doing it?You can check RIPEstat's BGP looking-glass: https://stat.ripe.net/widget/looking-glass#w.resource=8.37.93.0%2F24 This combines the result of 13 RIPE RIS route collectors. A minute ago I saw the INDOSAT announcement at 2 locations (Amsterdam, Frankfurt) from 3 out of 101 peers, but it seems to have stopped just now. -- ReneHere is the alert for reference: Your prefix: 8.37.93.0/24: Update time: 2014-04-02 18:26 (UTC) Detected by #peers: 2 Detected prefix: 8.37.93.0/24 Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH) ASpath: 18356 9931 4651 4761
-- eSited LLC (701) 390-9638
Current thread:
- Re: BGPMON Alert Questions, (continued)
- Re: BGPMON Alert Questions Randy Bush (Apr 02)
- Re: BGPMON Alert Questions Valdis . Kletnieks (Apr 03)
- Re: BGPMON Alert Questions Matthew Walster (Apr 03)
- RE: BGPMON Alert Questions David Hubbard (Apr 02)
- Re: BGPMON Alert Questions Octavio Alvarez (Apr 02)
- Re: BGPMON Alert Questions Mingwei Zhang (Apr 02)
- Prefix hijack by AS4761 (was Re: BGPMON Alert Questions) Stephen Fulton (Apr 02)
- Re: Prefix hijack by AS4761 (was Re: BGPMON Alert Questions) joel jaeggli (Apr 02)
- Re: Prefix hijack by AS4761 (was Re: BGPMON Alert Questions) Bob Snyder (Apr 02)
- Re: Prefix hijack by AS4761 (was Re: BGPMON Alert Questions) joel jaeggli (Apr 02)
- Re: BGPMON Alert Questions Rene Wilhelm (Apr 02)
- Re: BGPMON Alert Questions Bryan Tong (Apr 02)
- Re: BGPMON Alert Questions Bob Evans (Apr 02)
- Re: BGPMON Alert Questions Bryan Tong (Apr 02)
- Re: BGPMON Alert Questions Bret Clark (Apr 02)
- Re: BGPMON Alert Questions Bryan Tong (Apr 02)
- Re: BGPMON Alert Questions Felix Aronsson (Apr 02)
- RE: BGPMON Alert Questions Mike Walter (Apr 02)
- Re: BGPMON Alert Questions Zachary McGibbon (Apr 02)
- Re: BGPMON Alert Questions Erik Bais (Apr 02)