OmanTel hijacking of IP space

Jared Mauch jared at puck.nether.net
Wed Jan 11 15:50:49 UTC 2017 

There is an ongoing pattern of OmanTel hijacking IP space and advertising it to many of their peers (but not transits).

here’s the most recent announcement.  This could be mitigated in a few days, such as filtering your peers on a prefix basis, or at minimum rejecting the private ASN space, eg: 64512-65535, as well as the 4 byte variant range: 4200000000-4294967294

Please take a moment and update your AS_PATH filters to minimize the pollution you accept or propagate.

- Jared

(more details - http://dyn.com/blog/iran-leaks-censorship-via-bgp-hijacks/ )

route-views>sh ip bgp 206.125.164.0/24 long
BGP table version is 38506351, local router ID is 128.223.51.103
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *   206.125.164.0    193.0.0.56                             0 3333 8529 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 65050 i
 *                    123.108.254.218                        0 9902 24218 8529 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 i
 *                    195.208.112.161                        0 3277 3267 8529 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 65050 i
 *                    194.85.40.15                           0 3267 8529 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 65050 i
 *                    212.66.96.126                          0 20912 1267 8529 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 65050 i
 *                    95.85.0.2                              0 200130 8529 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 65050 i
 *                    5.101.110.2                            0 202018 8529 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 65050 i
 *>                   103.247.3.45                           0 58511 8529 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 65050 i
 *                    80.241.176.31                          0 20771 47872 8529 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 12880 65050 i

More information about the NANOG mailing list