BGPMON Alert Questions

Eric Dugas EDugas at zerofail.com
Wed Apr 2 21:12:56 UTC 2014


Thanks, also emailed [email protected] noc at . Didn't receive any bounce emails..

eric at zerofail.com
AS40191

On Apr 2, 2014 5:06 PM, Aris Lambrianidis <effulgence at gmail.com> wrote:
Contacted ip.tac at indosat.com about this, I urge others to do the same.

--Aris


On Wed, Apr 2, 2014 at 9:33 PM, Andrew (Andy) Ashley
<andrew.a at aware.co.th>wrote:

> Hi All,
>
> I am a network admin for Aware Corporation AS18356 (Thailand), as
> mentioned in the alert.
> We operate a BGPMon PeerMon node on our network, which peers with the
> BGPMon service as a collector.
>
> It is likely that AS4761 (INDOSAT) has somehow managed to hijack these
> prefixes and CAT (Communications Authority of Thailand AS4651) is not
> filtering them,
> hence they are announced to us and are triggering these BGPMon alerts.
>
> I have had several mails to our NOC about this already and have responded
> directly to those.
> I suggest contacting Indosat directly to get this resolved.
> AS18356 is a stub AS, so we are not actually advertising these learned
> hijacked prefixes to anyone but BGPMon for data collection purposes.
>
> Thanks.
>
> Regards,
>
> Andrew Ashley
>
> Office: +27 21 673 6841
> E-mail: andrew.a at aware.co.th
> Web: www.aware.co.th<http://www.aware.co.th>
>
>
>
> On 2014/04/02, 21:05, "Vlade Ristevski" <vristevs at ramapo.edu> wrote:
>
> >I just got the same alert for one of my prefixes one minute ago.
> >
> >On 4/2/2014 2:59 PM, Frank Bulk wrote:
> >> I received a similar notification about one of our prefixes also a few
> >> minutes ago.  I couldn't find a looking glass for AS4761 or AS4651.
> >>But I
> >> also couldn't hit the websites for either AS, either.
> >>
> >> Frank
> >>
> >> -----Original Message-----
> >> From: Joseph Jenkins [mailto:joe at breathe-underwater.com]
> >> Sent: Wednesday, April 02, 2014 1:52 PM
> >> To: nanog at nanog.org
> >> Subject: BGPMON Alert Questions
> >>
> >> So I setup BGPMON for my prefixes and got an alert about someone in
> >> Thailand announcing my prefix.  Everything looks fine to me and I've
> >> checked a bunch of different Looking Glasses and everything announcing
> >> correctly.
> >>
> >> I am assuming I should be contacting the provider about their
> >> misconfiguration and announcing my prefixes and get them to fix it.  Any
> >> other recommendations?
> >>
> >> Is there a way I can verify what they are announcing just to make sure
> >>they
> >> are still doing it?
> >>
> >> Here is the alert for reference:
> >>
> >> Your prefix:          8.37.93.0/24:
> >>
> >> Update time:          2014-04-02 18:26 (UTC)
> >>
> >> Detected by #peers:   2
> >>
> >> Detected prefix:      8.37.93.0/24
> >>
> >> Announced by:         AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
> >> Provider,ID)
> >>
> >> Upstream AS:          AS4651 (THAI-GATEWAY The Communications Authority
> >>of
> >> Thailand(CAT),TH)
> >>
> >> ASpath:               18356 9931 4651 4761
> >>
> >>
> >>
> >
> >--
> >Vlad
> >
> >
>



More information about the NANOG mailing list