Send sanog mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sanog.org/mailman/listinfo/sanog
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of sanog digest..."
Today's Topics:
1. Prefix hijacking, how to prevent and fix currently (Tarun Dua)
2. Re: Prefix hijacking, how to prevent and fix currently
(Anurag Bhatia)
3. Re: Prefix hijacking, how to prevent and fix currently (Tarun Dua)
4. Re: Prefix hijacking, how to prevent and fix currently
(Srinivas Chendi)
----------------------------------------------------------------------
Message: 1
Date: Thu, 28 Aug 2014 22:24:24 +0530
From: Tarun Dua <[email protected]>
To: SANOG <[email protected]>
Subject: [SANOG] Prefix hijacking, how to prevent and fix currently
Message-ID:
<CAAjbWEo3hFELExcr=5t9v99fzmoffr3tnup6+kbdnypvrd4...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
AS Number 43239
AS Name SPETSENERGO-AS SpetsEnergo Ltd.
Has started hijacking our IPv4 prefix. While this prefix was NOT in
production, it worries us that it was this easy for someone to hijack
it.
http://bgp.he.net/AS43239#_prefixes
103.20.212.0/22 <- This belongs to us.
103.238.232.0/22 KNS Techno Integrators Pvt. Ltd.
193.43.33.0/24 hydrocontrol S.C.R.L.
193.56.146.0/24 TRAPIL - Societe des Transports Petroliers par Pipeline
Where do we complain to get this fixed?
-Tarun
AS132420
------------------------------
Message: 2
Date: Thu, 28 Aug 2014 22:36:59 +0530
From: Anurag Bhatia <[email protected]>
To: Tarun Dua <[email protected]>
Cc: SANOG <[email protected]>
Subject: Re: [SANOG] Prefix hijacking, how to prevent and fix
currently
Message-ID:
<caj0+axbdsneu8-cozn0b4t7bahwk43eiaf1dtpcmqytyrpx...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi Tarun
Yep, it seems true. The best way to get this fixed would be via AS43239
itself and, if they don't help (or if they are intentionally doing it), then via
their further upstreams.
AS43239 contact details are here <http://bgp.he.net/AS43239#_whois> while
their upstreams are here. You can find their list of upstreams here
<http://bgp.he.net/AS43239#_graph4>.
You can always contact a large upstream in the chain that is transiting the
prefixes. If they stop, the impact will get pretty much local.
Also, FYI, I don't see that prefix visible in India from that AS43239, pretty
much because most networks are filtering it anyway. There's only one
(and valid) route object for the prefix:
Anurags-MacBook-Pro:~ anurag$ whois -h whois.radb.net 103.20.212.0
route: 103.20.212.0/24
descr: E2E Networks Cloud Routes
origin: AS132420
country: IN
notify: [email protected]
mnt-lower: MAINT-E2E-NETWORKS-IN
mnt-routes: MAINT-E2E-NETWORKS-IN
mnt-by: MAINT-E2E-NETWORKS-IN
changed: [email protected] 20130603
source: APNIC
Anurags-MacBook-Pro:~ anurag$
Good luck in getting it fixed!
--
Anurag Bhatia
anuragbhatia.com
Linkedin <http://in.linkedin.com/in/anuragbhatia21> | Twitter
<https://twitter.com/anurag_bhatia>
Skype: anuragbhatia.com
PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
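Added example, not part of the original message or of any poster's tooling: a Python sketch that compares observed BGP announcements against the IRR route object shown in the whois output above and flags origins that do not match. Only the 103.20.212.0/22 via AS43239 pair and the route object come from the thread; the other announcements and all function names are constructed for illustration.

```python
import ipaddress

# Route object from the whois output in the message above (attributes trimmed).
RPSL = """\
route:   103.20.212.0/24
descr:   E2E Networks Cloud Routes
origin:  AS132420
"""

def parse_route_objects(text):
    """Return [(network, origin_asn)] for each route/route6 object in RPSL text."""
    routes, prefix = [], None
    for line in text.splitlines():
        if not line.strip():
            prefix = None                      # a blank line ends the object
            continue
        if line[0] in " \t+%#":
            continue                           # continuation line or comment
        key, _, value = (part.strip() for part in line.partition(":"))
        if key.lower() in ("route", "route6"):
            prefix = ipaddress.ip_network(value)
        elif key.lower() == "origin" and prefix is not None:
            routes.append((prefix, int(value.upper().replace("AS", "", 1))))
            prefix = None
    return routes

def classify(prefix, origin_asn, routes):
    """Compare one observed announcement with the registered route objects."""
    net = ipaddress.ip_network(prefix)
    related = [(r, asn) for r, asn in routes
               if r.version == net.version and r.overlaps(net)]
    if not related:
        return "no-route-object"               # nothing registered covers it
    if (net, origin_asn) in related:
        return "registered"                    # exact prefix and origin match
    if any(asn == origin_asn for _, asn in related):
        return "same-origin-unregistered-length"
    return "origin-mismatch"                   # overlapping space, foreign origin

# (prefix, origin AS); only the first pair is from the thread, the rest are constructed.
OBSERVED = [("103.20.212.0/22", 43239), ("103.20.212.0/24", 132420),
            ("103.20.212.0/22", 132420), ("198.51.100.0/24", 64500)]

def audit(observed=OBSERVED, rpsl=RPSL):
    routes = parse_route_objects(rpsl)
    return [(p, asn, classify(p, asn, routes)) for p, asn in observed]

if __name__ == "__main__":
    print(*audit(), sep="\n")
```

The third case shows a registration gap worth closing: an announcement from the registered origin whose prefix length has no exact route object, which upstreams that filter strictly on IRR data may reject.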
------------------------------
Message: 3
Date: Thu, 28 Aug 2014 22:51:31 +0530
From: Tarun Dua <[email protected]>
To: Anurag Bhatia <[email protected]>
Cc: SANOG <[email protected]>
Subject: Re: [SANOG] Prefix hijacking, how to prevent and fix
currently
Message-ID:
<caajbweoc816j6xm6trhgnu33hvxvhunp0byhepiayd20s8a...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
We got alerted to this by spamcop as we got a large number of abuse
complaints for a lot of non-existent hosts.
In touch with our upstream providers for this as well.
-Tarun
------------------------------
Message: 4
Date: Thu, 28 Aug 2014 17:58:33 +0000
From: Srinivas Chendi <[email protected]>
To: Tarun Dua <[email protected]>, Anurag Bhatia
<[email protected]>
Cc: SANOG <[email protected]>
Subject: Re: [SANOG] Prefix hijacking, how to prevent and fix
currently
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="windows-1256"
Hi Tarun,
If required, you can also contact the RIR that allocated this AS; in this case
it's RIPE NCC.
Thanks
Sunny
Sent from my Windows Phone
------------------------------
End of sanog Digest, Vol 31, Issue 6
************************************