BGPMON Alert Questions

• Previous message (by thread): BGPMON Alert Questions
• Next message (by thread): BGPMON Alert Questions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Snap, announcing a few of our /21s and a /23. Seems they did something similar a few year ago: http://www.bgpmon.net/hijack-by-as4761-indosat-a-quick-report/

I can't make any contact with Indosat (website non responsive / email queuing). This is what I have back from Aware Corp. AS18356 (first AS in the path):

I can confirm that we are seeing your prefixes as advertised by AS4761, via one of our upstreams CAT AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
We (Aware Corporation - AS18356) operate a BGPMon PeerMon node which is probably why you are seeing this alert from our AS.
It is likely that your highjacked prefixes are being advertised to all of CAT's customers. 
I suggest contacting  AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) directly for resolution as there is little we can do as a stub AS.



Regards,
Lee.



-----Original Message-----
From: Vlade Ristevski [mailto:vristevs at ramapo.edu] 
Sent: 02 April 2014 20:05
To: nanog at nanog.org
Subject: Re: BGPMON Alert Questions

I just got the same alert for one of my prefixes one minute ago.

On 4/2/2014 2:59 PM, Frank Bulk wrote:
> I received a similar notification about one of our prefixes also a few 
> minutes ago.  I couldn't find a looking glass for AS4761 or AS4651.  
> But I also couldn't hit the websites for either AS, either.
>
> Frank
>
> -----Original Message-----
> From: Joseph Jenkins [mailto:joe at breathe-underwater.com]
> Sent: Wednesday, April 02, 2014 1:52 PM
> To: nanog at nanog.org
> Subject: BGPMON Alert Questions
>
> So I setup BGPMON for my prefixes and got an alert about someone in 
> Thailand announcing my prefix.  Everything looks fine to me and I've 
> checked a bunch of different Looking Glasses and everything announcing 
> correctly.
>
> I am assuming I should be contacting the provider about their 
> misconfiguration and announcing my prefixes and get them to fix it.  
> Any other recommendations?
>
> Is there a way I can verify what they are announcing just to make sure 
> they are still doing it?
>
> Here is the alert for reference:
>
> Your prefix:          8.37.93.0/24:
>
> Update time:          2014-04-02 18:26 (UTC)
>
> Detected by #peers:   2
>
> Detected prefix:      8.37.93.0/24
>
> Announced by:         AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
> Provider,ID)
>
> Upstream AS:          AS4651 (THAI-GATEWAY The Communications Authority of
> Thailand(CAT),TH)
>
> ASpath:               18356 9931 4651 4761
>
>
>

--
Vlad

• Previous message (by thread): BGPMON Alert Questions
• Next message (by thread): BGPMON Alert Questions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]