Hi Grzegorz,
.-- My secret spy satellite informs me that at 08/04/10 9:33 AM
Grzegorz Janoszka wrote:
Just half an hour ago China Telecom hijacked one of our prefixes:
Your prefix: X.Y.Z.0/19:
Prefix Description: NETNAME
Update time: 2010-04-08 15:58 (UTC)
Detected by #peers: 1
Detected prefix: X.Y.Z.0/19
Announced by: AS23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications
Corporation)
Upstream AS: AS4134 (CHINANET-BACKBONE No.31,Jin-rong Street)
ASpath: 39792 4134 23724 23724
Luckily it had to be limited as only one BGPmon peer saw it. Anyone else
noticed it?
Yes many prefixes have been 'impacted' by this. These include prefixes
for websites such as dell.com and cnn.com.
The event has been detected globally by peers in Rusia, USA, Japan and
Brazil.
However not all individual prefix 'hijacks' were detected globally, many
only by one or 2 peers, in one or 2 countries, but some by more.
The common part in the ASpath is
4134 23724
Which are:
AS4134 CHINANET-BACKBONE No.31,Jin-rong Street
AS23724 CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation
ASns peering with AS4134 seem to have picked this up and propagated that
to their customers.
Some of these ASns include:
AS9002 RETN-AS ReTN.net Autonomous System
AS12956 TELEFONICA Telefonica Backbone Autonomous System
AS209 ASN-QWEST - Qwest Communications Company, LLC
AS3320 DTAG Deutsche Telekom AG
AS3356 LEVEL3 Level 3 Communications
AS7018 ATT-INTERNET4 - AT&T WorldNet Services
All RIS peers that detected this where behind (transit/peer) one of
those ANS's.
Most 'alerts' have now been cleared, they typically lasted a few minutes.
Cheers,
Andree
