BGPMON Alert Questions
Frank Bulk
frnkblk at iname.com
Wed Apr 2 19:18:34 UTC 2014
bgpmon has tweeted that "We're currently observing a large hijack event.
Indosat AS4761 originating many prefixes not assigned to them."
Let's hope that AS4651 can quickly apply filters.
Frank
-----Original Message-----
From: David Hubbard [mailto:dhubbard at dino.hostasaurus.com]
Sent: Wednesday, April 02, 2014 2:03 PM
To: Joseph Jenkins; nanog at nanog.org
Subject: RE: BGPMON Alert Questions
If you contact bgpmon support you may be able to get some more in-depth
information. I've contacted them before with alerts like those and they
were able to give me specific date, time, ASN and interface information
about the peering points that received the announcements; that might
help make you present to the suspect party more likely to be acted upon.
-----Original Message-----
From: Joseph Jenkins [mailto:joe at breathe-underwater.com]
Sent: Wednesday, April 02, 2014 2:52 PM
To: nanog at nanog.org
Subject: BGPMON Alert Questions
So I setup BGPMON for my prefixes and got an alert about someone in
Thailand announcing my prefix. Everything looks fine to me and I've
checked a bunch of different Looking Glasses and everything announcing
correctly.
I am assuming I should be contacting the provider about their
misconfiguration and announcing my prefixes and get them to fix it. Any
other recommendations?
Is there a way I can verify what they are announcing just to make sure
they are still doing it?
Here is the alert for reference:
Your prefix: 8.37.93.0/24:
Update time: 2014-04-02 18:26 (UTC)
Detected by #peers: 2
Detected prefix: 8.37.93.0/24
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
Provider,ID)
Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority
of
Thailand(CAT),TH)
ASpath: 18356 9931 4651 4761
More information about the NANOG
mailing list