Prefix hijacking by AS20115

Tue Sep 29 04:28:54 UTC 2015

On Mon, Sep 28, 2015 at 11:59 PM, Bob Evans <bob at fiberinternetcenter.com> wrote:
> That's something I would do. Announce announce and keep adding ports until
> I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in a
> blackhole route for the prefixes. Try to pick blocks that are as
> geographically located to your peering routers as possible ...IE in Reno
> pick the blocks that seem to be near by - like Reno, Tahoe, Sacramento
> ..... when that batch of customers makes their phones ring all night
> someone will listen.
>

that seems like a pretty poor strategy... guaranteed to get you into
some hot water, I suspect. Keep in mind that the 'noc' at 20115 isn't
the same thing as the customer-service-center. There's likely little
to link the 2 things together there :(

> Would be nice if our membership organization ARIN ( that we all pay to
> keep us somewhat organized) had an ability to do something for you.... I
> never looked into it...i don't know....maybe it does ?

arin does not guarantee 'routability' of netblocks assigned to your org.

> But, in the mean time I am pretty sure you can document this well and
> prove your announcements of theirs was due to the fact you couldn't get
> proper technical attention and needed to desperately before your customers
> cancel after 8 hours of this. Tomorrow call your lawyers and begin to sue
> that cable company (did I recognize that ASN as cable TV ? ) for damages
> this must be causing you in ill-will amongst your customer base.
>
> I wonder just how you prove the damage...some equation based on customer
> calls and complaints together with how many years you have been in
> business as well as the number of contracts that are coming up for
> renewal. etc etc. Now that would be interesting to see a formula for that
> if anyone has been through it.
>

you COULD find a charter person on-list...there are nine names on the
attendees list for the upcoming meeting... I imagine peeringdb likely
has folk listed... gosh it sure does:

<https://www.peeringdb.com/private/participant_view.php?id=2144>

what with their emails and everything.

> Thank You
> Bob Evans
> CTO
>
>
>
>
>> Start announcing their prefixes?
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>> On Sep 28, 2015 11:09 PM, "Seth Mattinen" <sethm at rollernet.us> wrote:
>>
>>> On 9/28/15 18:30, William Herrin wrote:
>>>
>>>> On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen <sethm at rollernet.us>
>>>> wrote:
>>>>
>>>>> I've got a problem where AS20115 continues to announce prefixes after
>>>>> BGP
>>>>> neighbors were shutdown. They claim it's a wedged BGP process but
>>>>> aren't
>>>>> in
>>>>> any hurry to fix it outside of a maintenance window.
>>>>>
>>>>
>>>> If they weren't lying to you, they'd fix it now. That's not the kind
>>>> of problem that waits.
>>>>
>>>> Thing is: they lied to you. Long ago they "helpfully" programmed their
>>>> router to announce your route regardless of whether you sent a route
>>>> to them. They want to wait for a maintenance window to remove that
>>>> configuration.
>>>>
>>>>
>>>> I'm at a loss of what else I can do. They admit the problem but won't
>>>> take
>>>>> action saying it needs to wait for a maintenance window. Am I out of
>>>>> line
>>>>> insisting that's an unacceptable response to a problem that results in
>>>>> prefix/traffic hijacking?
>>>>>
>>>>
>>>> Try dropping the link entirely. If they still announce your addresses,
>>>> bring it back up but report it as emergency down, escalate, and call
>>>> back every 10 minutes until the junior tech understands that it's time
>>>> to call and wake up the guy who makes the decision to fix it now.
>>>>
>>>>
>>>
>>> I'm at the tail end here almost 8 hours later since the hijacking
>>> started.
>>> Their NOC is just blowing me off now and they're happy to continue the
>>> hijacking until it's convenient for them to have a maintenance window.
>>> And
>>> that's apparently the final decision.
>>>
>>> ~Seth
>>>
>>
>
>