Telstra Hijack

• Previous message (by thread): Telstra Hijack
• Next message (by thread): Hulu Contact
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Ross,

Just to confirm the AS1221 incident (INC000094009293) was resolved approx. 20:32 29/09/20 (UTC).

If anyone has further issues feel free to email me off-thread.

Regards,

-Mark
Senior Network Engineer
AS1221


Sent from my iPhone

> On 30 Sep 2020, at 07:30, Ross Tajvar <ross at tajvar.io> wrote:
> 
> Bad prefixes are all gone. This looks resolved from my point of view.
> 
> On Tue, Sep 29, 2020 at 5:18 PM Ross Tajvar <ross at tajvar.io> wrote:
>> I'm still seeing bad prefixes from Cogent, but our other upstreams (NTT, GTT, Telia) blocked them.
>> 
>> On Tue, Sep 29, 2020 at 5:09 PM Sadiq Saif <lists at sadiqsaif.com> wrote:
>>> On Tue, 29 Sep 2020, at 16:36, Ross Tajvar wrote:
>>> > I'm surprised no one else has mentioned this yet, but Telstra is 
>>> > hijacking a lot of prefixes:
>>> > 
>>> > https://rpki.cloudflare.com/?view=bgp&prefix=&asn=1221&validState=Invalid 
>>> > 
>>> > Since we don't have RPKI filtering in our network (yet), we are 
>>> > currently filtering everything with the path ".* 4637 1221$". 
>>> > 
>>> > This is of course taking a while...
>>> 
>>> My employer's prefixes were affected, I posted about it on the AusNOG list so I could get some assistance. It has cleared up now but it took about two hours or so.
>>> 
>>> I saw AS paths like this from HE's looking glass:
>>> 6461x4, 4637x11, 1221
>>> 
>>> I would love to know what the root cause of the leak was.
>>> 
>>> -- 
>>>   Sadiq Saif
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200930/75b94056/attachment.html>

• Previous message (by thread): Telstra Hijack
• Next message (by thread): Hulu Contact
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]