BGPMON Alert Questions

Joseph Jenkins joe at breathe-underwater.com
Wed Apr 2 21:13:21 UTC 2014


Tried the recipients mailbox is full, but it looks like all of the bgpmon
alerts have cleared.


On Wed, Apr 2, 2014 at 1:40 PM, Aris Lambrianidis <effulgence at gmail.com>wrote:

> Contacted ip.tac at indosat.com about this, I urge others to do the same.
>
> --Aris
>
>
> On Wed, Apr 2, 2014 at 9:33 PM, Andrew (Andy) Ashley
> <andrew.a at aware.co.th>wrote:
>
> > Hi All,
> >
> > I am a network admin for Aware Corporation AS18356 (Thailand), as
> > mentioned in the alert.
> > We operate a BGPMon PeerMon node on our network, which peers with the
> > BGPMon service as a collector.
> >
> > It is likely that AS4761 (INDOSAT) has somehow managed to hijack these
> > prefixes and CAT (Communications Authority of Thailand AS4651) is not
> > filtering them,
> > hence they are announced to us and are triggering these BGPMon alerts.
> >
> > I have had several mails to our NOC about this already and have responded
> > directly to those.
> > I suggest contacting Indosat directly to get this resolved.
> > AS18356 is a stub AS, so we are not actually advertising these learned
> > hijacked prefixes to anyone but BGPMon for data collection purposes.
> >
> > Thanks.
> >
> > Regards,
> >
> > Andrew Ashley
> >
> > Office: +27 21 673 6841
> > E-mail: andrew.a at aware.co.th
> > Web: www.aware.co.th
> >
> >
> >
> > On 2014/04/02, 21:05, "Vlade Ristevski" <vristevs at ramapo.edu> wrote:
> >
> > >I just got the same alert for one of my prefixes one minute ago.
> > >
> > >On 4/2/2014 2:59 PM, Frank Bulk wrote:
> > >> I received a similar notification about one of our prefixes also a few
> > >> minutes ago.  I couldn't find a looking glass for AS4761 or AS4651.
> > >>But I
> > >> also couldn't hit the websites for either AS, either.
> > >>
> > >> Frank
> > >>
> > >> -----Original Message-----
> > >> From: Joseph Jenkins [mailto:joe at breathe-underwater.com]
> > >> Sent: Wednesday, April 02, 2014 1:52 PM
> > >> To: nanog at nanog.org
> > >> Subject: BGPMON Alert Questions
> > >>
> > >> So I setup BGPMON for my prefixes and got an alert about someone in
> > >> Thailand announcing my prefix.  Everything looks fine to me and I've
> > >> checked a bunch of different Looking Glasses and everything announcing
> > >> correctly.
> > >>
> > >> I am assuming I should be contacting the provider about their
> > >> misconfiguration and announcing my prefixes and get them to fix it.
>  Any
> > >> other recommendations?
> > >>
> > >> Is there a way I can verify what they are announcing just to make sure
> > >>they
> > >> are still doing it?
> > >>
> > >> Here is the alert for reference:
> > >>
> > >> Your prefix:          8.37.93.0/24:
> > >>
> > >> Update time:          2014-04-02 18:26 (UTC)
> > >>
> > >> Detected by #peers:   2
> > >>
> > >> Detected prefix:      8.37.93.0/24
> > >>
> > >> Announced by:         AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
> > >> Provider,ID)
> > >>
> > >> Upstream AS:          AS4651 (THAI-GATEWAY The Communications
> Authority
> > >>of
> > >> Thailand(CAT),TH)
> > >>
> > >> ASpath:               18356 9931 4651 4761
> > >>
> > >>
> > >>
> > >
> > >--
> > >Vlad
> > >
> > >
> >
>



More information about the NANOG mailing list