Hijacked Network Ranges - paging Cogent and GBLX/L3

Schiller, Heather A heather.schiller at verizon.com
Tue Jan 31 14:05:24 CST 2012


Sorry -- was looking at the wrong thing.  Doh!

 --heather 

-----Original Message-----
From: Schiller, Heather A 
Sent: Tuesday, January 31, 2012 3:05 PM
To: 'Keegan Holley'
Cc: Kelvin Williams; nanog at nanog.org
Subject: RE: Hijacked Network Ranges - paging Cogent and GBLX/L3


Looks fixed now..

 --heather 

-----Original Message-----
From: Keegan Holley [mailto:keegan.holley at sungard.com]
Sent: Tuesday, January 31, 2012 2:50 PM
To: Schiller, Heather A
Cc: Kelvin Williams; nanog at nanog.org
Subject: Re: Hijacked Network Ranges - paging Cogent and GBLX/L3

To be honest I haven't had much success it convincing a tier 1 to modify someone else's routes on my behalf for whatever reason.  I also have had limited success in getting them to do anything quickly.  I'd first look to modify your advertisements as much as possible to mitigate the issue and then work with the other guys upstreams second.


2012/1/31 Schiller, Heather A <heather.schiller at verizon.com>:
>
> Or roll it up hill:
>
> 33611 looks like they get transit from 19181, who's only upstream appears to be 12189.
> 12189 gets connectivity from 174 and 3549.
>
> 174 = Cogent
> 3549 = GBLX/L3
>
>  --Heather
>
> -----Original Message-----
> From: Kelvin Williams [mailto:kwilliams at altuscgi.com]
> Sent: Tuesday, January 31, 2012 1:01 PM
> To: nanog at nanog.org
> Subject: Hijacked Network Ranges
>
> Greetings all.
>
> We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek 
> Internet
> Exchange) immediately filter out network blocks that are being advertised by ASAS33611 (SBJ Media, LLC) who provided to them a forged LOA.
>
> The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and 
> 68.66.112.0/20 are registered in various IRRs all as having an origin 
> AS
> 11325 (ours), and are directly allocated to us.
>
> The malicious hijacking is being announced as /24s therefore making route selection pick them.
>
> Our customers and services have been impaired.  Does anyone have any contacts for anyone at Cavecreek that would actually take a look at ARINs WHOIS, and IRRs so the networks can be restored and our services back in operation?
>
> Additionally, does anyone have any suggestion for mitigating in the interim?  Since we can't announce as /25s and IRRs are apparently a pipe dream.
>
> --
> Kelvin Williams
> Sr. Service Delivery Engineer
> Broadband & Carrier Services
> Altus Communications Group, Inc.
>
>
> "If you only have a hammer, you tend to see every problem as a nail." 
> -- Abraham Maslow
>
>



More information about the NANOG mailing list