Telstra Hijack
Mark Duffell
mark at duffell.net
Fri Oct 2 13:51:59 UTC 2020
Cross-post from Russ on AusNOG list.
Telstra blog post on issue is now live - http://exchange.telstra.com.au/an-update-on-our-september-30-bgp-issue/
Regards,
Mark
Sent from my iPhone
> On 30 Sep 2020, at 08:29, Mark Duffell <mark at duffell.net> wrote:
>
> Hi Ross,
>
> Just to confirm the AS1221 incident (INC000094009293) was resolved approx. 20:32 29/09/20 (UTC).
>
> If anyone has further issues feel free to email me off-thread.
>
> Regards,
>
> -Mark
> Senior Network Engineer
> AS1221
>
>
> Sent from my iPhone
>
>> On 30 Sep 2020, at 07:30, Ross Tajvar <ross at tajvar.io> wrote:
>>
>> Bad prefixes are all gone. This looks resolved from my point of view.
>>
>> On Tue, Sep 29, 2020 at 5:18 PM Ross Tajvar <ross at tajvar.io> wrote:
>>> I'm still seeing bad prefixes from Cogent, but our other upstreams (NTT, GTT, Telia) blocked them.
>>>
>>> On Tue, Sep 29, 2020 at 5:09 PM Sadiq Saif <lists at sadiqsaif.com> wrote:
>>>> On Tue, 29 Sep 2020, at 16:36, Ross Tajvar wrote:
>>>> > I'm surprised no one else has mentioned this yet, but Telstra is
>>>> > hijacking a lot of prefixes:
>>>> >
>>>> > https://rpki.cloudflare.com/?view=bgp&prefix=&asn=1221&validState=Invalid
>>>> >
>>>> > Since we don't have RPKI filtering in our network (yet), we are
>>>> > currently filtering everything with the path ".* 4637 1221$".
>>>> >
>>>> > This is of course taking a while...
>>>>
>>>> My employer's prefixes were affected, I posted about it on the AusNOG list so I could get some assistance. It has cleared up now but it took about two hours or so.
>>>>
>>>> I saw AS paths like this from HE's looking glass:
>>>> 6461x4, 4637x11, 1221
>>>>
>>>> I would love to know what the root cause of the leak was.
>>>>
>>>> --
>>>> Sadiq Saif
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20201002/296457f2/attachment.html>
More information about the NANOG
mailing list