Amprnet? (was Re: [anti-abuse-wg] Yet another BGP hijacking towards AS16509)
borg at uu3.net
Tue Aug 30 07:49:41 UTC 2022
Yeah, ARDC sold part of it to Amazon. I doubt they even had the right to do
so since 44/8 was a legacy IP range.. ARIN allowed it.. All too shady.
Anyway, according to AMPRnet that range was unallocated, so no active
radio ham networks were at that range, so I doubt it was someone
from AMPRnet. Getting parts of 44/8 reannounced by different gw
than ucsd.edu is not that easy after all.
---------- Original message ----------
From: Ellenor Agnes Bjornsdottir <large.hadron.collider at gmx.com>
To: nanog at nanog.org
Subject: Amprnet? (was Re: [anti-abuse-wg] Yet another BGP hijacking towards
Date: Tue, 30 Aug 2022 04:13:24 +0000
Wasn't 44/8 the space for AMPRNet?
I looked it up and they sold part of it to Amazon. Ok. Got it.
Possible that a potential hijack could be a good faith radio ham who
hasn't somehow been updated on the sale of that space? Or more likely to
be a malicious hijack?
On 8/23/22 02:05, Siyuan Miao wrote:
> Amazon was only announcing 220.127.116.11/11 at first.
> On Tue, Aug 23, 2022 at 4:03 AM Ronald F. Guilmette
> <rfg at tristatelogic.com> wrote:
> In message
> <CAO3CAMoT9gC_Evd-CcZg06A-o_MajmLtxLHbXFnauDoMyqoSYg at mail.gmail.com>,
> Siyuan Miao <siyuan at misaka.io> wrote:
> >Hijacking didn't last too long. AWS started announcing a more specific
> >announcement to prevent hijacking around 3 hours later. Kudos to
> >security team :-)
> Sorry. I'm missing something here. If the hijack was of
> 22.214.171.124/24, then
> how did AWS propagate a "more specific" than that?