Send sanog mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sanog.org/mailman/listinfo/sanog
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of sanog digest..."
Today's Topics:
1. Re: Prefix hijacking, how to prevent and fix currently
(Suresh Ramasubramanian)
2. Re: Prefix hijacking, how to prevent and fix currently
(Octavio Alvarez)
3. Re: Prefix hijacking, how to prevent and fix currently
(Paul Wilson)
----------------------------------------------------------------------
Message: 1
Date: Thu, 28 Aug 2014 23:35:17 +0530
From: Suresh Ramasubramanian <[email protected]>
To: Srinivas Chendi <[email protected]>
Cc: SANOG <[email protected]>
Subject: Re: [SANOG] Prefix hijacking, how to prevent and fix
currently
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"
https://www.robtex.com/as/as43239.html makes for interesting reading.
--srs (iPad)
> On 28-Aug-2014, at 23:28, Srinivas Chendi <[email protected]> wrote:
>
> Hi Tarun,
>
> If required you can also contact the RIR that allocated this AS; in this case
> it's RIPE NCC.
>
> Thanks
> Sunny
>
> Sent from my Windows Phone
> From: Tarun Dua
> Sent: 29/08/2014 1:21
> To: Anurag Bhatia
> Cc: SANOG
> Subject: Re: [SANOG] Prefix hijacking, how to prevent and fix currently
>
> We got alerted to this by spamcop as we got a large number of abuse
> complaints for a lot of non-existent hosts.
>
> In touch with our upstream providers for this as well.
>
> -Tarun
>
> On Thu, Aug 28, 2014 at 10:36 PM, Anurag Bhatia <[email protected]> wrote:
> > Hi Tarun
> >
> >
> >
> > Yep, it seems true. The best way to get this fixed would be via AS43239
> > itself and if they don't help (or if they are intentionally doing it) then via
> > their further upstreams.
> >
> >
> > AS43239 contact details are here while their upstreams are here. You can
> > find their list of upstreams here.
> >
> > You can always contact a large upstream in the chain that is transiting the
> > prefixes. If they stop, the impact will become pretty much local.
> >
> >
> > Also, FYI, I don't see that prefix visible in India from AS43239, pretty
> > much because most networks are filtering it anyway. There's only one
> > (and valid) route object for the prefix:
> >
> > Anurags-MacBook-Pro:~ anurag$ whois -h whois.radb.net 103.20.212.0
> > route: 103.20.212.0/24
> > descr: E2E Networks Cloud Routes
> > origin: AS132420
> > country: IN
> > notify: [email protected]
> > mnt-lower: MAINT-E2E-NETWORKS-IN
> > mnt-routes: MAINT-E2E-NETWORKS-IN
> > mnt-by: MAINT-E2E-NETWORKS-IN
> > changed: [email protected] 20130603
> > source: APNIC
> > Anurags-MacBook-Pro:~ anurag$
> >
> >
> > Good luck in getting it fixed!
> >
> >
> > On Thu, Aug 28, 2014 at 10:24 PM, Tarun Dua <[email protected]> wrote:
> >>
> >> AS Number 43239
> >> AS Name SPETSENERGO-AS SpetsEnergo Ltd.
> >>
> >> Has started hijacking our IPv4 prefix, while this prefix was NOT in
> >> production, it worries us that it was this easy for someone to hijack
> >> it.
> >>
> >> http://bgp.he.net/AS43239#_prefixes
> >>
> >> 103.20.212.0/22 <- This belongs to us.
> >>
> >> 103.238.232.0/22 KNS Techno Integrators Pvt. Ltd.
> >> 193.43.33.0/24 hydrocontrol S.C.R.L.
> >> 193.56.146.0/24 TRAPIL - Societe des Transports Petroliers par Pipeline
> >>
> >> Where do we complain to get this fixed?
> >>
> >> -Tarun
> >> AS132420
> >> _______________________________________________
> >> sanog mailing list
> >> [email protected]
> >> https://lists.sanog.org/mailman/listinfo/sanog
> >
> >
> >
> >
> > --
> >
> >
> > Anurag Bhatia
> > anuragbhatia.com
> >
> > Linkedin | Twitter
> > Skype: anuragbhatia.com
> >
> > PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
------------------------------
Message: 2
Date: Thu, 28 Aug 2014 12:19:30 -0700
From: Octavio Alvarez <[email protected]>
To: Tarun Dua <[email protected]>, SANOG <[email protected]>
Subject: Re: [SANOG] Prefix hijacking, how to prevent and fix
currently
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252
This happens more often than you think. That's why BGP prefix filtering
is so important.
BGPmon [1] is a good tool to monitor BGP prefixes.
[1] http://www.bgpmon.net/
On 28/08/14 09:54, Tarun Dua wrote:
> AS Number 43239
> AS Name SPETSENERGO-AS SpetsEnergo Ltd.
>
> Has started hijacking our IPv4 prefix, while this prefix was NOT in
> production, it worries us that it was this easy for someone to hijack
> it.
>
> http://bgp.he.net/AS43239#_prefixes
>
> 103.20.212.0/22 <- This belongs to us.
>
> 103.238.232.0/22 KNS Techno Integrators Pvt. Ltd.
> 193.43.33.0/24 hydrocontrol S.C.R.L.
> 193.56.146.0/24 TRAPIL - Societe des Transports Petroliers par Pipeline
>
> Where do we complain to get this fixed?
>
> -Tarun
> AS132420
>
------------------------------
Message: 3
Date: Fri, 29 Aug 2014 15:09:30 +1000
From: Paul Wilson <[email protected]>
To: Tarun Dua <[email protected]>
Cc: SANOG <[email protected]>
Subject: Re: [SANOG] Prefix hijacking, how to prevent and fix
currently
Message-ID: <[email protected]>
Content-Type: text/plain; charset="us-ascii"
Tarun, good luck resolving this!
The case also illustrates the need for secure routing through RPKI and secure
BGP.
For more info on RPKI, see www.apnic.net/rpki
best,
Paul
On 29 Aug 2014, at 5:19 am, Octavio Alvarez <[email protected]> wrote:
> This happens more often than you think. That's why BGP prefix filtering
> is so important.
>
> BGPmon [1] is a good tool to monitor BGP prefixes.
>
> [1] http://www.bgpmon.net/
>
> On 28/08/14 09:54, Tarun Dua wrote:
>> AS Number 43239
>> AS Name SPETSENERGO-AS SpetsEnergo Ltd.
>>
>> Has started hijacking our IPv4 prefix, while this prefix was NOT in
>> production, it worries us that it was this easy for someone to hijack
>> it.
>>
>> http://bgp.he.net/AS43239#_prefixes
>>
>> 103.20.212.0/22 <- This belongs to us.
>>
>> 103.238.232.0/22 KNS Techno Integrators Pvt. Ltd.
>> 193.43.33.0/24 hydrocontrol S.C.R.L.
>> 193.56.146.0/24 TRAPIL - Societe des Transports Petroliers par Pipeline
>>
>> Where do we complain to get this fixed?
>>
>> -Tarun
>> AS132420
>>
------------------------------
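Added example (not part of any message in this digest): the prefix filtering and RPKI origin validation recommended in messages 2 and 3, sketched as an RFC 6811 route origin check in Python. The ROA below is constructed for illustration from the prefix and origin AS quoted in the thread; the thread does not say that such a ROA existed, and the function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str       # prefix the holder authorises
    max_length: int   # longest more-specific the holder allows
    asn: int          # AS authorised to originate it


# Constructed ROA set (assumption): 103.20.212.0/22 and AS132420 come from
# the thread; max_length 24 is chosen to admit the /24 route object shown.
ROAS = [ROA("103.20.212.0/22", 24, 132420)]


def validate_origin(prefix, origin_asn, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route if the route is equal to or more specific
        # than the ROA prefix (same address family).
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS0 in a ROA never matches; it means "nobody may originate this".
        if roa.asn != 0 and roa.asn == origin_asn \
                and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by at least one ROA but matched by none: wrong origin AS or
    # a more-specific longer than max_length.
    return "invalid" if covered else "not-found"


def filter_announcements(announcements, roas=ROAS):
    """Split (prefix, origin_asn) pairs into accepted and rejected lists.

    Policy: reject 'invalid', accept 'valid' and 'not-found'.
    """
    accepted, rejected = [], []
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn, roas)
        (rejected if state == "invalid" else accepted).append((prefix, asn, state))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample announcements using prefixes and ASNs from the thread.
    sample = [("103.20.212.0/22", 43239), ("103.20.212.0/22", 132420),
              ("103.20.212.0/25", 132420), ("193.43.33.0/24", 43239)]
    for verdict in filter_announcements(sample):
        print(verdict)
```

Prefixes with no covering ROA come back "not-found" and pass this policy, so origin validation only protects address space whose holder has published ROAs.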
End of sanog Digest, Vol 31, Issue 7
************************************