BGP Hijack/Sickness with AS4637

Michel Py michel.py at tsisemi.com
Fri May 25 19:05:48 UTC 2018


There is a good possibility that AS 16532 was trying to prepend 3 times and did prepend 16532 3 instead of prepend 16532 16532 16532.
That tends to happen with very low number AS.

Regards,
Michel.


-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Nikolas Geyer
Sent: Friday, May 25, 2018 11:59 AM
To: ahebert at pubnix.net
Cc: NANOG list
Subject: Re: BGP Hijack/Sickness with AS4637

Greetings!

Actually, what you have provided below shows the exact opposite. It shows ColoAU have received the route from 4637 who have received it from 3257 who have received it from 29909 who have received it from 16532 who originated it. It infers nothing about who 16532 found the route to come from.

It is evident that GTT are advertising that route to Telstra Global :)

Regards,
Nik.

>
>         And I'm pretty sure AS3257 (GTT ) is in the same boat as us, as they're not the one advertising those routes to AS4637
>
>     AS16532 found it to come from AS4637 as you can see from this ColoAU LG output below
>
>
> ----- https://lg.coloau.com.au/
>
> vrf-international.inet.0: 696533 destinations, 2248101 routes (696249 active, 0 holddown, 103835 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 18.29.238.0/23     *[BGP/170] 1d 19:57:28, localpref 90, from 103.97.52.2
>                       AS path: 4637 3257 29909 16532 16532 16532 16532 I, validation-state: unverified
>
> --
> -----
> Alain Hebert                                ahebert at pubnix.net
> PubNIX Inc.
> 50 boul. St-Charles
> P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
> Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
>
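An added example, not part of the thread and not written by any of its participants: it reads the looking-glass AS path quoted above in propagation order (origin first, as Nik's reply walks it) and checks for the prepend typo Michel describes. The function names, the `max_count` threshold and the typo path in the usage note are assumptions made for illustration.

```python
import re

# Constructed input: the Junos "AS path:" line quoted in the thread.
LG_LINE = ("AS path: 4637 3257 29909 16532 16532 16532 16532 I, "
           "validation-state: unverified")

def parse_as_path(line):
    """Return the ASNs of a Junos 'AS path:' line, nearest neighbor first."""
    m = re.search(r"AS path:\s*((?:\d+\s+)+)[IE?]", line)
    if not m:
        raise ValueError("no AS path found")
    return [int(asn) for asn in m.group(1).split()]

def collapse(path):
    """Collapse prepends into (asn, repeat_count) runs, keeping path order."""
    runs = []
    for asn in path:
        if runs and runs[-1][0] == asn:
            runs[-1][1] += 1
        else:
            runs.append([asn, 1])
    return [tuple(run) for run in runs]

def propagation(path):
    """ASNs in the order the route was handed on: origin first."""
    return [asn for asn, _ in reversed(collapse(path))]

def suspect_prepend_typo(path, max_count=10):
    """Heuristic for 'prepend <asn> <count>' typed instead of repeating <asn>.

    The count then shows up as a very low ASN in the origin position, right
    behind the AS that meant to prepend itself. Low ASNs are real allocated
    numbers, so a hit is a candidate for review, not proof of a typo.
    max_count is an assumed threshold.
    """
    runs = collapse(path)
    if len(runs) < 2:
        return None
    (prev_asn, _), (origin, repeats) = runs[-2], runs[-1]
    if origin <= max_count and repeats == 1:
        return {"asn": prev_asn, "intended_count": origin}
    return None

if __name__ == "__main__":
    path = parse_as_path(LG_LINE)
    print("propagation:", " -> ".join(map(str, propagation(path))))
    print("prepend typo candidate:", suspect_prepend_typo(path))
```

For the quoted line the propagation order is 16532, 29909, 3257, 4637 and no typo candidate is reported; a constructed path ending in `16532 3` is flagged with an intended count of 3.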