AS3266: BitCanal hijack factory, courtesy of many connectivity providers

Thu Jun 28 15:56:46 UTC 2018

https://bgp.he.net/AS205869#_peers

This is another chronic hijacker that is spoofing downstream ASNs and Prefixes.
They are currently hijacking 25 prefixes.  Mostly /18s,/19s and /20s.

Telcom Italia, Telia and Eurotrans Telecom are upstreams.
Of course people making money off of it aren't going to do anything about it.
Eurotrans Telecom has telia and tata as upstreams.
They are also peered with HE but HE doesn't appear to be accepting the hijacked routes.
Good for them.

Mack

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Radu-Adrian Feurdean
Sent: Tuesday, June 26, 2018 1:57 PM
To: nanog at nanog.org
Subject: Re: AS3266: BitCanal hijack factory, courtesy of many connectivity providers

On Tue, Jun 26, 2018, at 20:23, Job Snijders wrote:
> I'm very happy FranceIX apply filters - however Bitcanal is known to 
> submit fabricated/falsified IRR information to databases like RADB and 
> RIPE. I've reported this multiple times over the years to IRR database 
> operators.
> 
> In conclusion in the case of Bitcanal, most of your filtering is 
> useless (and so is mine). Participants like Bitcanal dillute the value 
> of your route servers and the IXP as a whole.

I can confirm that this mornig (~09h30 CEST, when I read the first message in the thread) there were no BitCanal announces received from FranceIX Paris RS. Not even the ones with an IRR record (the ones in 213/8). All of them were from transit.
E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.