Prefix hijacking by AS20115

Bob Evans bob at FiberInternetCenter.com
Tue Sep 29 03:59:31 UTC 2015


That's something I would do. Announce announce and keep adding ports until
I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in a
blackhole route for the prefixes. Try to pick blocks that are as
geographically located to your peering routers as possible... i.e. in Reno
pick the blocks that seem to be nearby - like Reno, Tahoe, Sacramento...
when that batch of customers makes their phones ring all night
someone will listen.

Would be nice if our membership organization ARIN (that we all pay to
keep us somewhat organized) had an ability to do something for you... I
never looked into it... I don't know... maybe it does?

But, in the meantime I am pretty sure you can document this well and
prove your announcements of theirs was due to the fact you couldn't get
proper technical attention and needed to desperately before your customers
cancel after 8 hours of this. Tomorrow call your lawyers and begin to sue
that cable company (did I recognize that ASN as cable TV?) for damages
this must be causing you in ill-will amongst your customer base.

I wonder just how you prove the damage... some equation based on customer
calls and complaints together with how many years you have been in
business as well as the number of contracts that are coming up for
renewal, etc. etc. Now that would be interesting to see a formula for that
if anyone has been through it.

Thank You
Bob Evans
CTO




> Start announcing their prefixes?
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> On Sep 28, 2015 11:09 PM, "Seth Mattinen" <sethm at rollernet.us> wrote:
>
>> On 9/28/15 18:30, William Herrin wrote:
>>
>>> On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen <sethm at rollernet.us>
>>> wrote:
>>>
>>>> I've got a problem where AS20115 continues to announce prefixes after BGP
>>>> neighbors were shutdown. They claim it's a wedged BGP process but aren't in
>>>> any hurry to fix it outside of a maintenance window.
>>>>
>>>
>>> If they weren't lying to you, they'd fix it now. That's not the kind
>>> of problem that waits.
>>>
>>> Thing is: they lied to you. Long ago they "helpfully" programmed their
>>> router to announce your route regardless of whether you sent a route
>>> to them. They want to wait for a maintenance window to remove that
>>> configuration.
>>>
>>>
>>>> I'm at a loss of what else I can do. They admit the problem but won't take
>>>> action saying it needs to wait for a maintenance window. Am I out of line
>>>> insisting that's an unacceptable response to a problem that results in
>>>> prefix/traffic hijacking?
>>>>
>>>
>>> Try dropping the link entirely. If they still announce your addresses,
>>> bring it back up but report it as emergency down, escalate, and call
>>> back every 10 minutes until the junior tech understands that it's time
>>> to call and wake up the guy who makes the decision to fix it now.
>>>
>>>
>>
>> I'm at the tail end here almost 8 hours later since the hijacking started.
>> Their NOC is just blowing me off now and they're happy to continue the
>> hijacking until it's convenient for them to have a maintenance window. And
>> that's apparently the final decision.
>>
>> ~Seth
>>
>




