Re: BGPMON Alert Questions

["Bob Evans" <bob () FiberInternetCenter com>]

where did you get that number ?
aut-num:        AS4761
as-name:        INDOSAT-INP-AP
descr:          INDOSAT Internet Network Provider
descr:          Internet Network Access Point in INDONESIA
country:        ID
admin-c:        IH151-AP
tech-c:         DA205-AP
mnt-by:         MAINT-ID-INDOSAT-INP
changed:        hostmaster () indosat com 20081006
source:         APNIC
person:         Dewi Amalia
nic-hdl:        DA205-AP
e-mail:         dewi.amalia () indosat com
address:        PT INDOSAT
address:        JL. Medan Merdeka Barat 21
address:        Jakarta Pusat
phone:          +62-21-30444066
fax-no:         +62-21-30001073
country:        ID
changed:        dewi.amalia () indosat com 20080117
mnt-by:         MAINT-ID-INDOSAT-INP
source:         APNIC
person:         INDOSAT INP Hostmaster
nic-hdl:        IH151-AP
e-mail:         hostmaster () indosat com
address:        PT Indosat
address:        Jl. Medan Merdeka Barat 21
address:        Jakarta Pusat
phone:          +62-21-30444066
fax-no:         +62-21-30001073
country:        ID
changed:        hostmaster () indosat com 20120104
mnt-by:         MAINT-ID-INDOSAT-INP
source:         APNIC


Bob Evans
CTO




> I called into +66 2104-2374
>
>
> James Laszko
> Mythos Technology Inc
>
>
> Sent from my iPad
>
> > On Apr 2, 2014, at 1:08 PM, "Bryan Tong" <contact () nullivex com> wrote:
> >
> > Another 5 of ours just got hit.
> >
> > Anyone have any ideas on what will be done about it?
> >
> >
> > > On Wed, Apr 2, 2014 at 1:18 PM, Frank Bulk <frnkblk () iname com> wrote:
> > >
> > > bgpmon has tweeted that "We're currently observing a large hijack
> > > event.
> > > Indosat AS4761 originating many prefixes not assigned to them."
> > >
> > > Let's hope that AS4651 can quickly apply filters.
> > >
> > > Frank
> > >
> > > -----Original Message-----
> > > From: David Hubbard [mailto:dhubbard () dino hostasaurus com]
> > > Sent: Wednesday, April 02, 2014 2:03 PM
> > > To: Joseph Jenkins; nanog () nanog org
> > > Subject: RE: BGPMON Alert Questions
> > >
> > > If you contact bgpmon support you may be able to get some more in-depth
> > > information.  I've contacted them before with alerts like those and
> > > they
> > > were able to give me specific date, time, ASN and interface information
> > > about the peering points that received the announcements; that might
> > > help make you present to the suspect party more likely to be acted
> > > upon.
> > >
> > > -----Original Message-----
> > > From: Joseph Jenkins [mailto:joe () breathe-underwater com]
> > > Sent: Wednesday, April 02, 2014 2:52 PM
> > > To: nanog () nanog org
> > > Subject: BGPMON Alert Questions
> > >
> > > So I setup BGPMON for my prefixes and got an alert about someone in
> > > Thailand announcing my prefix.  Everything looks fine to me and I've
> > > checked a bunch of different Looking Glasses and everything announcing
> > > correctly.
> > >
> > > I am assuming I should be contacting the provider about their
> > > misconfiguration and announcing my prefixes and get them to fix it.
> > > Any
> > > other recommendations?
> > >
> > > Is there a way I can verify what they are announcing just to make sure
> > > they are still doing it?
> > >
> > > Here is the alert for reference:
> > >
> > > Your prefix:          8.37.93.0/24:
> > >
> > > Update time:          2014-04-02 18:26 (UTC)
> > >
> > > Detected by #peers:   2
> > >
> > > Detected prefix:      8.37.93.0/24
> > >
> > > Announced by:         AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
> > > Provider,ID)
> > >
> > > Upstream AS:          AS4651 (THAI-GATEWAY The Communications Authority
> > > of
> > > Thailand(CAT),TH)
> > >
> > > ASpath:               18356 9931 4651 4761
> >
> >
> > --
> > eSited LLC
> > (701) 390-9638