nanog mailing list archives
Re: Spectrum prefix hijacks
From: James Milko <jmilko () gmail com>
Date: Tue, 2 Jan 2018 21:51:20 -0500
The output I dumped was from route-views.routeviews.org. On affected prefes you get 7843->6453->nothing unaffected prefixes get 7843->6453->15169. Unaffected prefixes don't have more specifics from 10512. My sample size is only 8 though with a mix of affected and unaffected users. JM On Tue, Jan 2, 2018 at 9:30 PM, Christopher Morrow <morrowc.lists () gmail com> wrote:
it looks like 203040 is a pure transit as (no originated prefixes) and 1103 - surfnet could squish what is your view anyway. On Tue, Jan 2, 2018 at 9:29 PM, Christopher Morrow < morrowc.lists () gmail com> wrote:On Tue, Jan 2, 2018 at 8:50 PM, James Milko <jmilko () gmail com> wrote:Not sure if anyone from Spectrum is looking here at this hour, but someone is hijacking a few of your prefixes. It's causing problems in my area (NC) with reaching Google services. I'm sure there are other impacts, but that's what people are noticing. Sorry if this hits the list twice, I sent it from the wrong e-mail address the first go round. * 107.12.0.0/16 193.0.0.56 0 3333 1103 203040 10512 i *> 103.247.3.45 0 58511 203040 10512 i * 107.13.0.0/16 193.0.0.56 0 3333 1103 203040 10512 i *> 103.247.3.45 0 58511 203040 10512 i * 107.14.0.0/16 193.0.0.56 0 3333 1103 203040 10512 i Network Next Hop Metric LocPrf Weight Path *> 103.247.3.45 0 58511 203040 10512 i * 107.15.0.0/16 193.0.0.56 0 3333 1103 203040 10512 i * 103.247.3.45 0 58511 203040 10512 iE-Forex you say? shocker: AS | BGP IPv4 Prefix | AS Name 10512 | 102.164.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 102.194.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 103.116.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 106.128.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 106.129.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 106.130.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 106.131.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 107.12.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 107.13.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 107.14.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 107.15.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 14.5.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 147.17.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 180.237.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.183.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.185.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.186.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.187.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.188.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.189.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.190.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.191.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.192.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.193.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.194.0.0/16 | EFOREX-AS - E-FOREX, US 10512 | 42.195.0.0/16 | EFOREX-AS - E-FOREX, US I'm going to guess they are hijacking a bunch of space and sending spam? (the 42/8 space is variously telecom malaysia and china unicom) the 102 space is un-allocated afrnic space... probably no good these folk are up to.
Current thread:
- Spectrum prefix hijacks James Milko (Jan 02)
- Re: Spectrum prefix hijacks Christopher Morrow (Jan 02)
- Re: Spectrum prefix hijacks Christopher Morrow (Jan 02)
- Re: Spectrum prefix hijacks James Milko (Jan 02)
- Re: Spectrum prefix hijacks Christopher Morrow (Jan 02)
- Re: Spectrum prefix hijacks Christopher Morrow (Jan 02)
- Re: Spectrum prefix hijacks Christopher Morrow (Jan 02)