BGPMON Alert Questions

Wed Apr 2 21:12:57 UTC 2014

So,

Just tired e-mailing to that address.

"*Delivery has failed to these recipients or groups:*

indriana.triyunianingtyas at indosat.com 
<mailto:indriana.triyunianingtyas at indosat.com>
The recipient's mailbox is full and can't accept messages now. Please 
try resending this message later, or contact the recipient directly."

Sincerely,

Mark Keymer
CFO/COO
Vivio Technologies

On 4/2/2014 1:40 PM, Aris Lambrianidis wrote:
> Contacted ip.tac at indosat.com about this, I urge others to do the same.
>
> --Aris
>
>
> On Wed, Apr 2, 2014 at 9:33 PM, Andrew (Andy) Ashley
> <andrew.a at aware.co.th>wrote:
>
>> Hi All,
>>
>> I am a network admin for Aware Corporation AS18356 (Thailand), as
>> mentioned in the alert.
>> We operate a BGPMon PeerMon node on our network, which peers with the
>> BGPMon service as a collector.
>>
>> It is likely that AS4761 (INDOSAT) has somehow managed to hijack these
>> prefixes and CAT (Communications Authority of Thailand AS4651) is not
>> filtering them,
>> hence they are announced to us and are triggering these BGPMon alerts.
>>
>> I have had several mails to our NOC about this already and have responded
>> directly to those.
>> I suggest contacting Indosat directly to get this resolved.
>> AS18356 is a stub AS, so we are not actually advertising these learned
>> hijacked prefixes to anyone but BGPMon for data collection purposes.
>>
>> Thanks.
>>
>> Regards,
>>
>> Andrew Ashley
>>
>> Office: +27 21 673 6841
>> E-mail: andrew.a at aware.co.th
>> Web: www.aware.co.th
>>
>>
>>
>> On 2014/04/02, 21:05, "Vlade Ristevski" <vristevs at ramapo.edu> wrote:
>>
>>> I just got the same alert for one of my prefixes one minute ago.
>>>
>>> On 4/2/2014 2:59 PM, Frank Bulk wrote:
>>>> I received a similar notification about one of our prefixes also a few
>>>> minutes ago.  I couldn't find a looking glass for AS4761 or AS4651.
>>>> But I
>>>> also couldn't hit the websites for either AS, either.
>>>>
>>>> Frank
>>>>
>>>> -----Original Message-----
>>>> From: Joseph Jenkins [mailto:joe at breathe-underwater.com]
>>>> Sent: Wednesday, April 02, 2014 1:52 PM
>>>> To: nanog at nanog.org
>>>> Subject: BGPMON Alert Questions
>>>>
>>>> So I setup BGPMON for my prefixes and got an alert about someone in
>>>> Thailand announcing my prefix.  Everything looks fine to me and I've
>>>> checked a bunch of different Looking Glasses and everything announcing
>>>> correctly.
>>>>
>>>> I am assuming I should be contacting the provider about their
>>>> misconfiguration and announcing my prefixes and get them to fix it.  Any
>>>> other recommendations?
>>>>
>>>> Is there a way I can verify what they are announcing just to make sure
>>>> they
>>>> are still doing it?
>>>>
>>>> Here is the alert for reference:
>>>>
>>>> Your prefix:          8.37.93.0/24:
>>>>
>>>> Update time:          2014-04-02 18:26 (UTC)
>>>>
>>>> Detected by #peers:   2
>>>>
>>>> Detected prefix:      8.37.93.0/24
>>>>
>>>> Announced by:         AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
>>>> Provider,ID)
>>>>
>>>> Upstream AS:          AS4651 (THAI-GATEWAY The Communications Authority
>>>> of
>>>> Thailand(CAT),TH)
>>>>
>>>> ASpath:               18356 9931 4651 4761
>>>>
>>>>
>>>>
>>> --
>>> Vlad
>>>
>>>