nanog mailing list archives

Re: 192.208.19.0/24 hijack transiting 209, 286, 3320, 5511, 6461, 6762, 6830, 8220, 9002, 12956

From: Job Snijders <job () ntt net>
Date: Fri, 4 Jan 2019 11:21:32 +0300

Dear all,

NTT / AS 2914 deployed explicit filters to block this BGP announcement from
AS 4134. I recommend other operators to do the same.

I’d also like to recommend AS 32982 to remove the AS_PATH prepend on the
/24 announcement so the counter measure is more effective.

Kind regards,

Job

On Fri, Jan 4, 2019 at 1:02 Dominik Bay <db () rrbone net> wrote:

 I see the follwowing ASN transiting a leak concerning 192.208.19.0/24
originated by 4812

209
286
3320
5400
5511
6327
6461
6762
6830
8218
8220
8447
8551
9002
12956

The proper source is 32982 (Department of Energy).
More details to be found here: https://bgpstream.com/event/171779
And here: http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=192.208.19.0

Cheers,
Dominik

Current thread:

192.208.19.0/24 hijack transiting 209, 286, 3320, 5511, 6461, 6762, 6830, 8220, 9002, 12956 Dominik Bay (Jan 03)
- Re: 192.208.19.0/24 hijack transiting 209, 286, 3320, 5511, 6461, 6762, 6830, 8220, 9002, 12956 Jeff Shultz (Jan 03)
- Re: 192.208.19.0/24 hijack transiting 209, 286, 3320, 5511, 6461, 6762, 6830, 8220, 9002, 12956 Job Snijders (Jan 04)
- (FIXED) Re: 192.208.19.0/24 hijack transiting 209, 286, 3320, 5511, 6461, 6762, 6830, 8220, 9002, 12956 Dominik Bay (Jan 04)