BGPMON Alert Questions
EDugas at zerofail.com
Wed Apr 2 21:12:56 UTC 2014
Thanks, also emailed [email protected] noc at . Didn't receive any bounce emails..
eric at zerofail.com
On Apr 2, 2014 5:06 PM, Aris Lambrianidis <effulgence at gmail.com> wrote:
Contacted ip.tac at indosat.com about this, I urge others to do the same.
On Wed, Apr 2, 2014 at 9:33 PM, Andrew (Andy) Ashley
<andrew.a at aware.co.th>wrote:
> Hi All,
> I am a network admin for Aware Corporation AS18356 (Thailand), as
> mentioned in the alert.
> We operate a BGPMon PeerMon node on our network, which peers with the
> BGPMon service as a collector.
> It is likely that AS4761 (INDOSAT) has somehow managed to hijack these
> prefixes and CAT (Communications Authority of Thailand AS4651) is not
> filtering them,
> hence they are announced to us and are triggering these BGPMon alerts.
> I have had several mails to our NOC about this already and have responded
> directly to those.
> I suggest contacting Indosat directly to get this resolved.
> AS18356 is a stub AS, so we are not actually advertising these learned
> hijacked prefixes to anyone but BGPMon for data collection purposes.
> Andrew Ashley
> Office: +27 21 673 6841
> E-mail: andrew.a at aware.co.th
> Web: www.aware.co.th<http://www.aware.co.th>
> On 2014/04/02, 21:05, "Vlade Ristevski" <vristevs at ramapo.edu> wrote:
> >I just got the same alert for one of my prefixes one minute ago.
> >On 4/2/2014 2:59 PM, Frank Bulk wrote:
> >> I received a similar notification about one of our prefixes also a few
> >> minutes ago. I couldn't find a looking glass for AS4761 or AS4651.
> >>But I
> >> also couldn't hit the websites for either AS, either.
> >> Frank
> >> -----Original Message-----
> >> From: Joseph Jenkins [mailto:joe at breathe-underwater.com]
> >> Sent: Wednesday, April 02, 2014 1:52 PM
> >> To: nanog at nanog.org
> >> Subject: BGPMON Alert Questions
> >> So I setup BGPMON for my prefixes and got an alert about someone in
> >> Thailand announcing my prefix. Everything looks fine to me and I've
> >> checked a bunch of different Looking Glasses and everything announcing
> >> correctly.
> >> I am assuming I should be contacting the provider about their
> >> misconfiguration and announcing my prefixes and get them to fix it. Any
> >> other recommendations?
> >> Is there a way I can verify what they are announcing just to make sure
> >> are still doing it?
> >> Here is the alert for reference:
> >> Your prefix: 22.214.171.124/24:
> >> Update time: 2014-04-02 18:26 (UTC)
> >> Detected by #peers: 2
> >> Detected prefix: 126.96.36.199/24
> >> Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
> >> Provider,ID)
> >> Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority
> >> Thailand(CAT),TH)
> >> ASpath: 18356 9931 4651 4761
More information about the NANOG