BGPMON Alert Questions

Andree Toonk andree+nanog at toonk.nl
Wed Apr 2 23:16:23 UTC 2014


Quick update from BGPmon:
We've detected 415,652 prefixes being hijacked by Indosat today. 8,233
of those were seen by more than 10 of our BGP collectors.

When receiving a BGPmon alerts, one of the metrics to look at that will
help with determining the scope and impact is the 'Detected by #peers'
value.
Many of the alerts where only seen by one or two peers in Thailand. This
indicates that communications for those prefixes would likely have been
affected for some in Thailand.

8,233 of the hijacked prefixes were seen by more than 10 of our peers.
For those the impact would have been more severe.

Since we're on Nanog, here's al list of US based networks affected by
Indosat hijack that were seen by more than 10 unique ASns:
http://portal.bgpmon.net/data/indosat-us.txt it includes  apple, telia,
ntt, level3, comcast, cableone, akamai, Joyent

Same for Canadian prefixes (keep in mind there were more hijacked
prefixes, this is just the list for which the hijack was seen by more
than 10 of our peers)
http://portal.bgpmon.net/data/indosat-ca.txt


Cheers,
 Andree


.-- My secret spy satellite informs me that at 2014-04-02 2:20 PM
Laszlo Hanyecz wrote:
> They're just leaking every route right?
> Is it possible to poison the AS paths you announce with their own AS to get them to let go of your prefixes until it's fixed?
> Would that work, or some other trick that can be done without their cooperation?
> 
> Thanks,
> Laszlo
> 
> 




More information about the NANOG mailing list