BGP prefix filter list / BGP hijacks, different type

Denys Fedoryshchenko nuclearcat at nuclearcat.com
Fri May 17 13:45:04 UTC 2019


I wanted to mention one additional important point in all these
monitoring discussions.
Right now, for one of my subnets Google services stopped working.
Why? Because it seems like someone from Russia did a BGP hijack, BUT
exclusively for Google services (most likely some kind of peering).
Quite by chance, I noticed that the traceroute from the Google cloud to
this subnet goes through Russia, although my country has nothing to do 
with Russia at all, not even transit traffic through them.
Sure, I mailed noc at google, but reaching someone in big companies is not
the easiest job, you need to search for some contact that answers. And good
luck for realtime communications.
And, all large CDNs have their own "internet", although they have BGP, 
they often interpret it in their own way, which no one but them can 
monitor and keep history. No looking glass for sure, as well.
If your network is announced by a malicious party from another country, 
you will not even know about it, but your requests (actually answers from
the service) will go through this party.


