BGPMON Alert Questions
Andree Toonk
andree+nanog at toonk.nl
Wed Apr 2 19:21:21 UTC 2014
I can confirm that indosat appears to be hijacking many prefixes.
HE 6939 is one of the networks picking it up and distributing it
further. Here's an example for a Syrian prefix:
http://portal.bgpmon.net/data/indosat-hijack.png
====================================================================
Possible Prefix Hijack (Code: 10)
====================================================================
Your prefix: 5.0.0.0/18:
Prefix Description: STE Public Data Network Backbone and LIR
Update time: 2014-04-02 18:47 (UTC)
Detected by #peers: 13
Detected prefix: 5.0.0.0/18
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
Provider,ID)
Upstream AS: AS6939 (HURRICANE - Hurricane Electric, Inc.,US)
ASpath: 271 6939 4761
Alert details:
https://portal.bgpmon.net/alerts.php?details&alert_id=41644877
Mark as false alert: https://portal.bgpmon.net/fp.php?aid=41644877
Andree (BGPMON.net)
.-- My secret spy satellite informs me that at 2014-04-02 11:59 AM Kate
Gerry wrote:
> I just got the same thing.
>
> ====================================================================
> Possible Prefix Hijack (Code: 10)
> ====================================================================
> Your prefix: 173.44.32.0/19:
> Prefix Description: AS8100
> Update time: 2014-04-02 18:40 (UTC)
> Detected by #peers: 1
> Detected prefix: 173.44.32.0/19
> Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
> Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
> ASpath: 18356 38794 4651 4761
> Alert details: https://portal.bgpmon.net/alerts.php?details&alert_id=41639483
> Mark as false alert: https://portal.bgpmon.net/fp.php?aid=41639483
>
> ====================================================================
> Possible Prefix Hijack (Code: 10)
> ====================================================================
> Your prefix: 173.205.80.0/20:
> Prefix Description: AS8100
> Update time: 2014-04-02 18:40 (UTC)
> Detected by #peers: 1
> Detected prefix: 173.205.80.0/20
> Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
> Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
> ASpath: 18356 38794 4651 4761
> Alert details: https://portal.bgpmon.net/alerts.php?details&alert_id=41639484
> Mark as false alert: https://portal.bgpmon.net/fp.php?aid=41639484
>
> --
> Kate Gerry
> Network Manager
> kate at quadranet.com
>
> 1-888-5-QUADRA Ext 206 | www.QuadraNet.com
> Dedicated Servers, Colocation, Cloud Services and more.
> Datacenters in Los Angeles, Dallas and Miami.
>
> Follow us on:
>
> -----Original Message-----
> From: Joseph Jenkins [mailto:joe at breathe-underwater.com]
> Sent: Wednesday, April 2, 2014 11:52 AM
> To: nanog at nanog.org
> Subject: BGPMON Alert Questions
>
> So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly.
>
> I am assuming I should be contacting the provider about their misconfiguration and announcing my prefixes and get them to fix it. Any other recommendations?
>
> Is there a way I can verify what they are announcing just to make sure they are still doing it?
>
> Here is the alert for reference:
>
> Your prefix: 8.37.93.0/24:
>
> Update time: 2014-04-02 18:26 (UTC)
>
> Detected by #peers: 2
>
> Detected prefix: 8.37.93.0/24
>
> Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
> Provider,ID)
>
> Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of
> Thailand(CAT),TH)
>
> ASpath: 18356 9931 4651 4761
>
More information about the NANOG
mailing list