BGP Hijack/Sickness with AS4637

Alain Hebert ahebert at pubnix.net
Fri May 25 15:47:04 UTC 2018


     Hi,

     We're looking for a contact, *that works*, to get in touch with 
AS4637 (Telstra/HK) about some hijacking or router sickness.


     BGPmon has been reporting an hijack of AS3's subnet 18.29.238.0/23.

     After being contacted by AS3, we went over the advertisement with 
AS29909 and AS16532 to be sure.

     Then we tried getting in touch with AS4637 (Telstra/HK) but it went 
nowhere at this point.

     PS: If anyone has better observations that would be greatly 
appreciated.

-----

Context:

     A few times this month, BGPmon reported an hijack of 
18.29.238.0/23  (AS3).

     For this hijack I see AS4637 (Telstra/HK), AS3257( GTT) AS29909 
(MOO) and AS16532 ( (which are peers I know and I'm in contact with).

         And I'm pretty sure AS3257 (GTT ) is in the same boat as us, as 
they're not the one advertising those routes to AS4637

     AS16532 found it to come from AS4637 as you can see from this 
ColoAU LG output below


----- https://lg.coloau.com.au/

vrf-international.inet.0: 696533 destinations, 2248101 routes (696249 
active, 0 holddown, 103835 hidden)
+ = Active Route, - = Last Active, * = Both

18.29.238.0/23     *[BGP/170] 1d 19:57:28, localpref 90, from 103.97.52.2
                       AS path: 4637 3257 29909 16532 16532 16532 16532 
I, validation-state: unverified

-- 
-----
Alain Hebert                                ahebert at pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443




More information about the NANOG mailing list