BGP route hijack by AS10990

• Previous message (by thread): BGP route hijack by AS10990
• Next message (by thread): BGP route hijack by AS10990
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Looks like the real question here is why doesn’t 7219 do a better job of filtering what they accept.

Has anyone reached out to them?

Owen


> On Jul 29, 2020, at 23:31 , Aftab Siddiqui <aftab.siddiqui at gmail.com> wrote:
> 
> Looks like the list is too long.. none of them have any valid ROAs as well. 
> 
> = 104.230.0.0/18 <http://104.230.0.0/18> 206313 6724 1299 7219 10990
> = 104.230.64.0/18 <http://104.230.64.0/18> 206313 6724 1299 7219 10990
> = 107.184.0.0/16 <http://107.184.0.0/16> 206313 6724 1299 7219 10990
> = 107.185.0.0/16 <http://107.185.0.0/16> 206313 6724 1299 7219 10990
> = 107.189.192.0/19 <http://107.189.192.0/19> 206313 6724 1299 7219 10990
> = 107.189.224.0/19 <http://107.189.224.0/19> 206313 6724 1299 7219 10990
> = 108.49.0.0/17 <http://108.49.0.0/17> 206313 6724 1299 7219 10990
> = 108.49.128.0/17 <http://108.49.128.0/17> 206313 6724 1299 7219 10990
> = 135.19.192.0/19 <http://135.19.192.0/19> 206313 6724 1299 7219 10990
> = 135.19.224.0/19 <http://135.19.224.0/19> 206313 6724 1299 7219 10990
> = 137.119.140.0/23 <http://137.119.140.0/23> 206313 6724 1299 7219 10990
> = 137.119.142.0/23 <http://137.119.142.0/23> 206313 6724 1299 7219 10990
> = 142.113.0.0/17 <http://142.113.0.0/17> 206313 6724 1299 7219 10990
> = 142.113.128.0/17 <http://142.113.128.0/17> 206313 6724 1299 7219 10990
> = 147.194.0.0/20 <http://147.194.0.0/20> 206313 6724 1299 7219 10990
> = 147.194.16.0/20 <http://147.194.16.0/20> 206313 6724 1299 7219 10990
> = 162.157.0.0/17 <http://162.157.0.0/17> 206313 6724 1299 7219 10990
> = 162.157.128.0/17 <http://162.157.128.0/17> 206313 6724 1299 7219 10990
> = 166.48.0.0/18 <http://166.48.0.0/18> 206313 6724 1299 7219 10990
> = 166.48.64.0/18 <http://166.48.64.0/18> 206313 6724 1299 7219 10990
> = 167.100.80.0/22 <http://167.100.80.0/22> 206313 6724 1299 7219 10990
> = 167.100.84.0/22 <http://167.100.84.0/22> 206313 6724 1299 7219 10990
> = 172.103.112.0/20 <http://172.103.112.0/20> 206313 6724 1299 7219 10990
> = 172.103.96.0/20 <http://172.103.96.0/20> 206313 6724 1299 7219 10990
> = 172.112.0.0/14 <http://172.112.0.0/14> 206313 6724 1299 7219 10990
> = 172.116.0.0/14 <http://172.116.0.0/14> 206313 6724 1299 7219 10990
> = 173.160.0.0/14 <http://173.160.0.0/14> 206313 6724 1299 7219 10990
> = 173.164.0.0/14 <http://173.164.0.0/14> 206313 6724 1299 7219 10990
> = 173.28.224.0/21 <http://173.28.224.0/21> 206313 6724 1299 7219 10990
> = 173.28.232.0/21 <http://173.28.232.0/21> 206313 6724 1299 7219 10990
> = 173.48.0.0/17 <http://173.48.0.0/17> 206313 6724 1299 7219 10990
> = 173.48.128.0/17 <http://173.48.128.0/17> 206313 6724 1299 7219 10990
> = 173.90.0.0/16 <http://173.90.0.0/16> 206313 6724 1299 7219 10990
> = 173.91.0.0/16 <http://173.91.0.0/16> 206313 6724 1299 7219 10990
> = 174.1.56.0/23 <http://174.1.56.0/23> 206313 6724 1299 7219 10990
> = 174.1.58.0/23 <http://174.1.58.0/23> 206313 6724 1299 7219 10990
> = 174.108.0.0/15 <http://174.108.0.0/15> 206313 6724 1299 7219 10990
> = 174.110.0.0/15 <http://174.110.0.0/15> 206313 6724 1299 7219 10990
> = 174.223.0.0/18 <http://174.223.0.0/18> 206313 6724 1299 7219 10990
> = 174.223.64.0/18 <http://174.223.64.0/18> 206313 6724 1299 7219 10990
> = 174.228.0.0/18 <http://174.228.0.0/18> 206313 6724 1299 7219 10990
> = 174.228.64.0/18 <http://174.228.64.0/18> 206313 6724 1299 7219 10990
> = 174.231.128.0/18 <http://174.231.128.0/18> 206313 6724 1299 7219 10990
> = 174.231.192.0/18 <http://174.231.192.0/18> 206313 6724 1299 7219 10990
> = 177.132.112.0/20 <http://177.132.112.0/20> 206313 6724 1299 7219 10990
> = 177.132.96.0/20 <http://177.132.96.0/20> 206313 6724 1299 7219 10990
> = 198.166.0.0/17 <http://198.166.0.0/17> 206313 6724 1299 7219 10990
> = 198.166.128.0/17 <http://198.166.128.0/17> 206313 6724 1299 7219 10990
> = 198.52.176.0/23 <http://198.52.176.0/23> 206313 6724 1299 7219 10990
> = 198.52.178.0/23 <http://198.52.178.0/23> 206313 6724 1299 7219 10990
> = 204.195.0.0/18 <http://204.195.0.0/18> 206313 6724 1299 7219 10990
> = 208.79.152.0/22 <http://208.79.152.0/22> 206313 6724 6939 10990
> = 208.79.153.0/24 <http://208.79.153.0/24> 206313 6724 6939 7219 10990
> = 216.10.190.0/24 <http://216.10.190.0/24> 206313 6724 1299 7219 10990
> = 216.10.191.0/24 <http://216.10.191.0/24> 206313 6724 1299 7219 10990
> = 24.102.64.0/19 <http://24.102.64.0/19> 206313 6724 1299 7219 10990
> = 24.102.96.0/19 <http://24.102.96.0/19> 206313 6724 1299 7219 10990
> = 24.197.208.0/21 <http://24.197.208.0/21> 206313 6724 1299 7219 10990
> = 24.197.216.0/21 <http://24.197.216.0/21> 206313 6724 1299 7219 10990
> = 24.201.64.0/19 <http://24.201.64.0/19> 206313 6724 1299 7219 10990
> = 24.201.96.0/19 <http://24.201.96.0/19> 206313 6724 1299 7219 10990
> = 24.205.160.0/20 <http://24.205.160.0/20> 206313 6724 1299 7219 10990
> = 24.205.176.0/20 <http://24.205.176.0/20> 206313 6724 1299 7219 10990
> = 24.48.0.0/19 <http://24.48.0.0/19> 206313 6724 1299 7219 10990
> = 24.48.32.0/19 <http://24.48.32.0/19> 206313 6724 1299 7219 10990
> = 24.57.0.0/17 <http://24.57.0.0/17> 206313 6724 1299 7219 10990
> = 24.57.128.0/17 <http://24.57.128.0/17> 206313 6724 1299 7219 10990
> = 24.89.16.0/20 <http://24.89.16.0/20> 206313 6724 1299 7219 10990
> = 24.90.64.0/19 <http://24.90.64.0/19> 206313 6724 1299 7219 10990
> = 24.90.96.0/19 <http://24.90.96.0/19> 206313 6724 1299 7219 10990
> = 35.211.0.0/17 <http://35.211.0.0/17> 206313 6724 1299 7219 10990
> = 35.211.128.0/17 <http://35.211.128.0/17> 206313 6724 1299 7219 10990
> = 45.48.0.0/15 <http://45.48.0.0/15> 206313 6724 1299 7219 10990
> = 45.50.0.0/15 <http://45.50.0.0/15> 206313 6724 1299 7219 10990
> = 47.218.0.0/23 <http://47.218.0.0/23> 206313 6724 1299 7219 10990
> = 47.218.2.0/23 <http://47.218.2.0/23> 206313 6724 1299 7219 10990
> = 47.32.64.0/19 <http://47.32.64.0/19> 206313 6724 1299 7219 10990
> = 47.32.96.0/19 <http://47.32.96.0/19> 206313 6724 1299 7219 10990
> = 47.36.0.0/19 <http://47.36.0.0/19> 206313 6724 1299 7219 10990
> = 47.36.32.0/19 <http://47.36.32.0/19> 206313 6724 1299 7219 10990
> = 47.39.64.0/19 <http://47.39.64.0/19> 206313 6724 1299 7219 10990
> = 47.39.96.0/19 <http://47.39.96.0/19> 206313 6724 1299 7219 10990
> = 50.88.0.0/16 <http://50.88.0.0/16> 206313 6724 1299 7219 10990
> = 50.89.0.0/16 <http://50.89.0.0/16> 206313 6724 1299 7219 10990
> = 50.92.0.0/17 <http://50.92.0.0/17> 206313 6724 1299 7219 10990
> = 50.92.128.0/17 <http://50.92.128.0/17> 206313 6724 1299 7219 10990
> = 66.65.0.0/18 <http://66.65.0.0/18> 206313 6724 1299 7219 10990
> = 66.65.64.0/18 <http://66.65.64.0/18> 206313 6724 1299 7219 10990
> = 66.68.0.0/16 <http://66.68.0.0/16> 206313 6724 1299 7219 10990
> = 66.69.0.0/16 <http://66.69.0.0/16> 206313 6724 1299 7219 10990
> = 67.149.198.0/24 <http://67.149.198.0/24> 206313 6724 1299 7219 10990
> = 67.149.199.0/24 <http://67.149.199.0/24> 206313 6724 1299 7219 10990
> = 67.247.112.0/20 <http://67.247.112.0/20> 206313 6724 1299 7219 10990
> = 67.247.96.0/20 <http://67.247.96.0/20> 206313 6724 1299 7219 10990
> = 70.83.128.0/19 <http://70.83.128.0/19> 206313 6724 1299 7219 10990
> = 70.83.160.0/19 <http://70.83.160.0/19> 206313 6724 1299 7219 10990
> = 72.137.0.0/17 <http://72.137.0.0/17> 206313 6724 1299 7219 10990
> = 72.137.128.0/17 <http://72.137.128.0/17> 206313 6724 1299 7219 10990
> = 72.140.0.0/16 <http://72.140.0.0/16> 206313 6724 1299 7219 10990
> = 72.141.0.0/16 <http://72.141.0.0/16> 206313 6724 1299 7219 10990
> = 72.53.64.0/20 <http://72.53.64.0/20> 206313 6724 1299 7219 10990
> = 72.53.80.0/20 <http://72.53.80.0/20> 206313 6724 1299 7219 10990
> = 74.56.192.0/19 <http://74.56.192.0/19> 206313 6724 1299 7219 10990
> = 74.56.224.0/19 <http://74.56.224.0/19> 206313 6724 1299 7219 10990
> = 74.59.128.0/19 <http://74.59.128.0/19> 206313 6724 1299 7219 10990
> = 74.59.160.0/19 <http://74.59.160.0/19> 206313 6724 1299 7219 10990
> = 74.76.0.0/15 <http://74.76.0.0/15> 206313 6724 1299 7219 10990
> = 74.78.0.0/15 <http://74.78.0.0/15> 206313 6724 1299 7219 10990
> = 76.168.0.0/14 <http://76.168.0.0/14> 206313 6724 1299 7219 10990
> = 76.172.0.0/14 <http://76.172.0.0/14> 206313 6724 1299 7219 10990
> = 76.86.0.0/16 <http://76.86.0.0/16> 206313 6724 1299 7219 10990
> = 76.87.0.0/16 <http://76.87.0.0/16> 206313 6724 1299 7219 10990
> = 96.3.0.0/17 <http://96.3.0.0/17> 206313 6724 1299 7219 10990
> = 96.3.128.0/17 <http://96.3.128.0/17> 206313 6724 1299 7219 10990
> = 96.32.64.0/20 <http://96.32.64.0/20> 206313 6724 1299 7219 10990
> = 96.32.80.0/20 <http://96.32.80.0/20> 206313 6724 1299 7219 10990
> = 98.148.0.0/16 <http://98.148.0.0/16> 206313 6724 1299 7219 10990
> = 98.149.0.0/16 <http://98.149.0.0/16> 206313 6724 1299 7219 10990
> = 98.32.0.0/13 <http://98.32.0.0/13> 206313 6724 1299 7219 10990
> = 98.40.0.0/13 <http://98.40.0.0/13> 206313 6724 1299 7219 10990
> = 99.225.0.0/19 <http://99.225.0.0/19> 206313 6724 1299 7219 10990
> = 99.225.192.0/19 <http://99.225.192.0/19> 206313 6724 1299 7219 10990
> = 99.225.224.0/19 <http://99.225.224.0/19> 206313 6724 1299 7219 10990
> = 99.225.32.0/19 <http://99.225.32.0/19> 206313 6724 1299 7219 10990
> = 99.240.128.0/18 <http://99.240.128.0/18> 206313 6724 1299 7219 10990
> = 99.240.192.0/18 <http://99.240.192.0/18> 206313 6724 1299 7219 10990
> = 99.254.80.0/21 <http://99.254.80.0/21> 206313 6724 1299 7219 10990
> = 99.254.88.0/21 <http://99.254.88.0/21> 206313 6724 1299 7219 10990
> = 99.255.0.0/19 <http://99.255.0.0/19> 206313 6724 1299 7219 10990
> = 99.255.32.0/19 <http://99.255.32.0/19> 206313 6724 1299 7219 10990
> 
> 
> Regards,
> 
> Aftab A. Siddiqui
> 
> 
> On Thu, 30 Jul 2020 at 12:49, Clinton Work <clinton at scripty.com <mailto:clinton at scripty.com>> wrote:
> We saw a bunch of our IP blocks hijacked by AS10990 from 19:15 MDT until 20:23 MDT.   Anybody else have problems with that. 
> 
> ASpath:  1299 7219 10990
> 
> 50.92.0.0/17 <http://50.92.0.0/17>    AS10990
> 198.166.0.0/17 <http://198.166.0.0/17>   AS10990
> 198.166.128.0/17 <http://198.166.128.0/17>        AS10990
> 162.157.128.0/17 <http://162.157.128.0/17>        AS10990
> 162.157.0.0/17 <http://162.157.0.0/17>  AS10990
> 50.92.128.0/17 <http://50.92.128.0/17>  AS10990
> 
> 
> 
> --
> Clinton Work
> Airdrie, AB

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200730/d782e1f6/attachment.html>

• Previous message (by thread): BGP route hijack by AS10990
• Next message (by thread): BGP route hijack by AS10990
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]