BGPMON Alert Questions
Bob Evans
bob at FiberInternetCenter.com
Wed Apr 2 20:31:12 UTC 2014
where did you get that number ?
aut-num: AS4761
as-name: INDOSAT-INP-AP
descr: INDOSAT Internet Network Provider
descr: Internet Network Access Point in INDONESIA
country: ID
admin-c: IH151-AP
tech-c: DA205-AP
mnt-by: MAINT-ID-INDOSAT-INP
changed: hostmaster at indosat.com 20081006
source: APNIC
person: Dewi Amalia
nic-hdl: DA205-AP
e-mail: dewi.amalia at indosat.com
address: PT INDOSAT
address: JL. Medan Merdeka Barat 21
address: Jakarta Pusat
phone: +62-21-30444066
fax-no: +62-21-30001073
country: ID
changed: dewi.amalia at indosat.com 20080117
mnt-by: MAINT-ID-INDOSAT-INP
source: APNIC
person: INDOSAT INP Hostmaster
nic-hdl: IH151-AP
e-mail: hostmaster at indosat.com
address: PT Indosat
address: Jl. Medan Merdeka Barat 21
address: Jakarta Pusat
phone: +62-21-30444066
fax-no: +62-21-30001073
country: ID
changed: hostmaster at indosat.com 20120104
mnt-by: MAINT-ID-INDOSAT-INP
source: APNIC
Bob Evans
CTO
> I called into +66 2104-2374
>
>
> James Laszko
> Mythos Technology Inc
>
>
> Sent from my iPad
>
>> On Apr 2, 2014, at 1:08 PM, "Bryan Tong" <contact at nullivex.com> wrote:
>>
>> Another 5 of ours just got hit.
>>
>> Anyone have any ideas on what will be done about it?
>>
>>
>>> On Wed, Apr 2, 2014 at 1:18 PM, Frank Bulk <frnkblk at iname.com> wrote:
>>>
>>> bgpmon has tweeted that "We're currently observing a large hijack
>>> event.
>>> Indosat AS4761 originating many prefixes not assigned to them."
>>>
>>> Let's hope that AS4651 can quickly apply filters.
>>>
>>> Frank
>>>
>>> -----Original Message-----
>>> From: David Hubbard [mailto:dhubbard at dino.hostasaurus.com]
>>> Sent: Wednesday, April 02, 2014 2:03 PM
>>> To: Joseph Jenkins; nanog at nanog.org
>>> Subject: RE: BGPMON Alert Questions
>>>
>>> If you contact bgpmon support you may be able to get some more in-depth
>>> information. I've contacted them before with alerts like those and
>>> they
>>> were able to give me specific date, time, ASN and interface information
>>> about the peering points that received the announcements; that might
>>> help make you present to the suspect party more likely to be acted
>>> upon.
>>>
>>> -----Original Message-----
>>> From: Joseph Jenkins [mailto:joe at breathe-underwater.com]
>>> Sent: Wednesday, April 02, 2014 2:52 PM
>>> To: nanog at nanog.org
>>> Subject: BGPMON Alert Questions
>>>
>>> So I setup BGPMON for my prefixes and got an alert about someone in
>>> Thailand announcing my prefix. Everything looks fine to me and I've
>>> checked a bunch of different Looking Glasses and everything announcing
>>> correctly.
>>>
>>> I am assuming I should be contacting the provider about their
>>> misconfiguration and announcing my prefixes and get them to fix it.
>>> Any
>>> other recommendations?
>>>
>>> Is there a way I can verify what they are announcing just to make sure
>>> they are still doing it?
>>>
>>> Here is the alert for reference:
>>>
>>> Your prefix: 8.37.93.0/24:
>>>
>>> Update time: 2014-04-02 18:26 (UTC)
>>>
>>> Detected by #peers: 2
>>>
>>> Detected prefix: 8.37.93.0/24
>>>
>>> Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
>>> Provider,ID)
>>>
>>> Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority
>>> of
>>> Thailand(CAT),TH)
>>>
>>> ASpath: 18356 9931 4651 4761
>>
>>
>> --
>> eSited LLC
>> (701) 390-9638
>
>
More information about the NANOG
mailing list