Hijacked Network Ranges
Keegan Holley
keegan.holley at sungard.com
Tue Jan 31 18:24:58 UTC 2012
2012/1/31 Justin M. Streiner <streiner at cluebyfour.org>
> On Tue, 31 Jan 2012, Grant Ridder wrote:
>
> What is keeping you from advertising a more specific route (i.e. /25's)?
>>
>
> Many providers filter out anything longer (smaller) than /24.
>
Some will accept it but not propagate it upstream. This may be useful in
redirecting all the traffic from a large AS if you are directly connected.
>
> jms
>
>
> On Tue, Jan 31, 2012 at 12:00 PM, Kelvin Williams <kwilliams at altuscgi.com> wrote:
>>
>> Greetings all.
>>>
>>> We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek
>>> Internet Exchange) immediately filter out network blocks that are being
>>> advertised by AS33611 (SBJ Media, LLC) who provided to them a forged LOA.
>>>
>>> The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and
>>> 68.66.112.0/20 are registered in various IRRs all as having an origin AS
>>> 11325 (ours), and are directly allocated to us.
>>>
>>> The malicious hijacking is being announced as /24s therefore making route
>>> selection pick them.
>>>
>>> Our customers and services have been impaired. Does anyone have any
>>> contacts for anyone at Cavecreek that would actually take a look at ARIN's
>>> WHOIS, and IRRs so the networks can be restored and our services back in
>>> operation?
>>>
>>> Additionally, does anyone have any suggestion for mitigating in the
>>> interim? Since we can't announce as /25s and IRRs are apparently a pipe
>>> dream.
>>>
>>> --
>>> Kelvin Williams
>>> Sr. Service Delivery Engineer
>>> Broadband & Carrier Services
>>> Altus Communications Group, Inc.
>>>
>>>
>>> "If you only have a hammer, you tend to see every problem as a nail." --
>>> Abraham Maslow
>>>
>>>
>>
>
>
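Added example, not part of the original thread: a minimal origin check for the situation described above, flagging announcements that fall inside registered space but carry a different origin AS, and noting whether a longer counter-announcement would still pass a /24 filter. The registered prefixes and AS numbers are taken from the thread; the observed announcements, function names and the MAX_ACCEPTED_LEN constant are constructed for illustration.

```python
import ipaddress

# Registered prefixes and origin AS as stated in the thread.
REGISTERED = {
    "208.110.48.0/20": 11325,
    "63.246.112.0/20": 11325,
    "68.66.112.0/20": 11325,
}
MAX_ACCEPTED_LEN = 24  # thread: many providers filter anything longer than /24


def check_announcement(prefix, origin_as, registered=REGISTERED):
    """Classify one observed (prefix, origin AS) pair against registered space."""
    net = ipaddress.ip_network(prefix)
    for reg_prefix, reg_as in registered.items():
        reg = ipaddress.ip_network(reg_prefix)
        if net.version != reg.version or not net.subnet_of(reg):
            continue
        if origin_as == reg_as:
            return {"prefix": prefix, "status": "ok", "covering": reg_prefix}
        return {
            "prefix": prefix,
            "status": "origin-mismatch",
            "covering": reg_prefix,
            "unexpected_origin": origin_as,
            # A more-specific wins longest-prefix match over the covering route.
            "more_specific": net.prefixlen > reg.prefixlen,
            # The holder can only answer with a longer prefix if it would be accepted.
            "longer_counter_accepted": net.prefixlen < MAX_ACCEPTED_LEN,
        }
    return {"prefix": prefix, "status": "unrelated"}


def find_hijacks(observed):
    """Return only the announcements whose origin does not match the registration."""
    results = (check_announcement(p, a) for p, a in observed)
    return [r for r in results if r["status"] == "origin-mismatch"]


# Constructed sample feed; the thread does not say which /24s were announced.
OBSERVED = [
    ("208.110.48.0/20", 11325),
    ("208.110.50.0/24", 33611),
    ("63.246.112.0/20", 11325),
    ("68.66.115.0/24", 33611),
    ("192.0.2.0/24", 64500),
]

if __name__ == "__main__":
    for alert in find_hijacks(OBSERVED):
        print(alert)
```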