Prefix hijack by AS4761 (was Re: BGPMON Alert Questions)
joel jaeggli
joelja at bogus.com
Wed Apr 2 19:41:14 UTC 2014
yeah you're seeing the impact of a pretty broad prefix injection
indosat's upstream filters seem to be working for the most part.
On 4/2/14, 12:10 PM, Stephen Fulton wrote:
> I'm seeing the same hijack of prefixes by multiple networks under my
> watch, at 18:40 UTC and 19:06 UTC.
>
> -- Stephen
>
>
> On 2014-04-02 2:51 PM, Joseph Jenkins wrote:
>> So I setup BGPMON for my prefixes and got an alert about someone in
>> Thailand announcing my prefix. Everything looks fine to me and I've
>> checked a bunch of different Looking Glasses and everything announcing
>> correctly.
>>
>> I am assuming I should be contacting the provider about their
>> misconfiguration and announcing my prefixes and get them to fix it. Any
>> other recommendations?
>>
>> Is there a way I can verify what they are announcing just to make sure
>> they
>> are still doing it?
>>
>> Here is the alert for reference:
>>
>> Your prefix: 8.37.93.0/24:
>>
>> Update time: 2014-04-02 18:26 (UTC)
>>
>> Detected by #peers: 2
>>
>> Detected prefix: 8.37.93.0/24
>>
>> Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
>> Provider,ID)
>>
>> Upstream AS: AS4651 (THAI-GATEWAY The Communications
>> Authority of
>> Thailand(CAT),TH)
>>
>> ASpath: 18356 9931 4651 4761
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140402/5ca34075/attachment.sig>
More information about the NANOG
mailing list