AS3266: BitCanal hijack factory, courtesy of many connectivity providers

Simon Muyal smuyal at franceix.net
Tue Jun 26 18:13:26 UTC 2018


Hi Job, all,

On the France-IX route servers, we are applying filters based on IRR 
DBs. I double checked the list https://pastebin.com/raw/Jw1my9Bb and 
these prefixes should be filtered if bitcanal starts announcing them.
Currently, bitcanal/AS197426 is not announcing any prefix on our route 
servers:

https://lg.franceix.net/irr_found_for/RS1+RS2/ipv4?q=197426
https://lg.franceix.net/irr_notfound_for/RS1+RS2/ipv4?q=197426

regards,
Simon

-- 
Simon Muyal
CTO
FranceIX
Tel: +33 (0)1 70 61 97 74
Mob: +33 (0)6 21 17 29 51




On 26/06/2018 at 11:22, Job Snijders wrote:
> (I've updated the email subject to make it more accurate)
>
> On Tue, Jun 26, 2018 at 12:18:19PM -0400, Stephen Fulton wrote:
>> Unless of course they are not actually on an IXP listed.
> Of course.
>
>> Bitcanal is not a member of TorIX and as far as I recall, never has
>> been. The IP they list in PeeringDB was never assigned to them at any
>> point and in fact was used by an AS112 instance which was run by TorIX
>> directly on the fabric for a time.  I sent in a note to PeeringDB
>> several years ago about Bitcanal claiming to be a peer when they were
>> not and never heard back.. I'll resend.
> Thank you for this clarification. Indeed a note to the PeeringDB Admin
> committee should help clean this up. Please note that this organisation
> also goes under the name of "Ebony Horizon".
>
> I've manually confirmed bitcanal/AS 197426 is connected to AMS-IX, ECIX
> Frankfurt, ESPANIX, FranceIX Paris, GigaPIX, and LINX LON1.
>
> At most of these IXPs, bitcanal seems to be connected to the IXP's
> route servers. In my mind, if we want to consider responsibility, these
> IXPs are as much at fault as any upstream provider. Connectivity is
> connectivity.
>
> Kind regards,
>
> Job



