Margi,
I ran into that years ago with AWS. I had a service provider clearing
calls for me, and they were hosted on AWS. Kept pushing my service
provider to open tickets with AWS. The issue would resolve for a day,
then return, etc. There was no permanent resolution offered by
AWS.
We have seen this in our consulting business with a large number of
smaller ISPs both FISP and WISPS
Often it is due to traffic leaving the network they believe to be an attack.
If you let them know the Network Blocks, ASN, etc in an email to
ab...@amazonaws.com they are very responsive.
I
You didn’t specify anything that would be useful to narrow down the issue (i.e.
location, asn, error codes, etc) - We had a somewhat similar issue at DET-IX
with routes to us-east-1 and us-east-2 seeing a lot of packet loss, but AWS
eventually just de-peered the exchange entirely since it was
Matt/Giorgio,
See my answers inline to Matt's line of questioning below, but the
basics are that those prefixes and AS number were owned by S2NL and used
for years. After all the employees were let go (including me), this
router in question was compromised, and the ssh and enable were
Hi Nanog,
We are seeing this weird issue in one part of the network. Customers in one
public subnet are not able to reach certain websites suddenly which are hosted
in AWS like slack.com, bill.com..
We changed the subnet to new one and issue resolved, after 48 hours, we have
the same issue
On Thu Jul 20 Mike Hammet wrote:
> If they (or anyone else) want to give me free service to use as I see fit
> (well, legally), I'll gladly accept their offer.
I once had free IP transit from Cogent for about a year after I told them to
shove it.
Not that it did me much good.
- Jared
Martin,
It's my former employer's router. It's more like a 4 hour day to get
in/out of the city even though I'm only 20 miles from the PoP. Top that
off with a $90 parking bill. Nobody is paying me to do that work.
There are no more employees left in the company.
Pete
Stage2 "Survivor
*N88 YouTube Video of the Week *
*Check out our Most Viewed NANOG 88 Video of the Week *
*"The Proper Way To Prepare For A Network Engineering Job Interview With A
Tech Giant" with Kam Agahian.*
*Why it's worth your time:* Part 2 of a popular previous talk at NANOG 76.
Agahian covers the main
*N88 YouTube Video of the Week *
*Check out our Most Viewed NANOG 88 Video of the Week *
*"The Proper Way To Prepare For A Network Engineering Job Interview With A
Tech Giant" with Kam Agahian.*
*Why it's worth your time:* Part 2 of a popular previous talk at NANOG 76.
Agahian covers the main
On Thu, Jul 20, 2023 at 2:34 PM Ian Chilton wrote:
> On Thu, 20 Jul 2023, at 7:02 PM, Martin Hannigan wrote:
>
> Pete, if all the data I see ties together like it looks aren't you able to
> take the 15m taxi ride to 60 Hudson and recover the router or shut it off?
> It's your router. Right?
>
>
On Thu, 20 Jul 2023, at 7:02 PM, Martin Hannigan wrote:
> Pete, if all the data I see ties together like it looks aren't you able to
> take the 15m taxi ride to 60 Hudson and recover the router or shut it off?
> It's your router. Right?
I would assume if the company no longer exists, they won't
Pete, if all the data I see ties together like it looks aren't you able to
take the 15m taxi ride to 60 Hudson and recover the router or shut it off?
It's your router. Right?
On Thu, Jul 20, 2023 at 11:10 AM Pete Rohrman
wrote:
> Ben,
>
> Compromised as in a nefarious entity went into the
Do you mind following up on Matthew’s request for details - really interested
to see the threat model there and how the RPKI part played out?
On 20 Jul 2023, at 18:06, Pete Rohrman wrote:
All,
Cogent has shut down the compromised router. This issue is resolved. Thank
you all
Heck, I can’t even get Cogent to keep my paid services functional; going on
four weeks with an unusable 10gig point to point.
From: NANOG on behalf
of Mike Hammett
Date: Thursday, July 20, 2023 at 1:03 PM
To: Tom Beecher
Cc: nanog@nanog.org
Subject: Re: Cogent Abuse - Bogus Propagation of
I've told all Cogent reps that have ever called me that I would never,
under any circumstances, use their service. even if they provided it
to me free of charge...
Friends don't let friends use Cogent.
-Mike
On Thu, Jul 20, 2023 at 10:02 AM Mike Hammett wrote:
>
> If they (or anyone else) want
All,
Cogent has shut down the compromised router. This issue is resolved.
Thank you all for your help.
Pete
Stage2 "Survivor Island" Bronze Medal Winner
On 7/20/23 12:59, Mike Hammett wrote:
If they (or anyone else) want to give me free service to use as I see
fit (well, legally),
If they (or anyone else) want to give me free service to use as I see fit
(well, legally), I'll gladly accept their offer.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
- Original Message -
From: "Tom Beecher"
>
> In short--I'm having a hard time understanding how a non-paying entity
> still has working connectivity and BGP sessions, which makes me suspect
> there's a different side to this story we're not hearing yet. ^_^;
>
I know Cogent has long offered very cheap transit prices, but this seems
On Thu, Jul 20, 2023 at 8:06 AM Pete Rohrman
wrote:
> On 7/20/23 10:40, Ben Cox wrote:
>> Can you confirm what you mean by compromised here?
> Compromised as in a nefarious entity went into the router and changed
> passwords and did whatever.
Hi Pete,
I think Ben is asking you to "be more
On Thu, Jul 20, 2023 at 8:09 AM Pete Rohrman
wrote:
> Ben,
>
> Compromised as in a nefarious entity went into the router and changed
> passwords and did whatever. Everything advertised by that comprised router
> is bogus. The compromised router is owned by OrgID: S2NL (now defunct).
> AS 36471
Ben,
Compromised as in a nefarious entity went into the router and changed
passwords and did whatever. Everything advertised by that comprised
router is bogus. The compromised router is owned by OrgID: S2NL (now
defunct). AS 36471 belongs to KDSS-23
Can you confirm what you mean by compromised here?
The prefixes currently (as far as I can see from bgp.tools) originated are:
Prefix Description
209.255.244.0/24 Windstream Communications LLC
209.255.245.0/24 CONSOLIDATED TECHNOLOGIES INC 325 HUDSON
209.255.246.0/24 Windstream
NANOG,
A customer of Cogent has a compromised router that is announcing
prefixes sourced from AS 36471. Cogent is propagating that to the
world. Problem is, those prefixes and AS don't belong to that customer
of Cogent - AS 36471 belongs to Kratos Defense & Security Solutions,
Inc. (see
23 matches
Mail list logo