prefix hijack by ASN 8997

Hank Nussbacher hank at efes.iucc.ac.il
Mon Sep 22 23:32:34 CDT 2008


On Mon, 22 Sep 2008, Scott Weeks wrote:

I too spotted this via PHAS for a large number of prefixes, but have not 
received alerts from IAR, Watchmy.Net nor does RIPE RIS show this hijack: 
http://www.ris.ripe.net/perl-risapp/risearch.html I would have expected 
with so many RRC boxes that RIPE RIS would have caught it.  I had thought 
it was a false positive from PHAS but now that you and others have seen it 
- I guess it is for real.

-Hank

>
>
>
> I am hoping to confirm a short-duration prefix hijack of 72.234.0.0/15 (and another of our prefixes) by ASN 8997 ("OJSC North-West Telecom" in Russia) in using ASN 3267 (Russian Federal University Network) to advertise our space to ASN 3277 (Regional University and Scientific Network (RUSNet) of North-Western and Saint-Petersburg Area of Russia).
>
> Is that what I'm seeing when I go to "bgplay.routeviews.org/bgplay", put in prefix 72.234.0.0/15 and select the dates:
>
> 22/9/2008  9:00:00   and   22/9/2008  15:00:00
>
> If so, am I understanding it correctly if I say ASN 3267 saw a shorter path from ASN 8997, so refused the proper announcement from ASN 36149 (me) it normally hears from ASN 174 (Cogent).
>
> If the above two are correct, would it be correct to say only the downstream customers of ASN 3267 were affected?
>
> scott
>




More information about the NANOG mailing list