Prefix hijack by AS4761 (was Re: BGPMON Alert Questions)
I'm seeing the same hijack of prefixes by multiple networks under my watch, at 18:40 UTC and 19:06 UTC. -- Stephen On 2014-04-02 2:51 PM, Joseph Jenkins wrote: So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly. I am assuming I should be contacting the provider about their misconfiguration and announcing my prefixes and get them to fix it. Any other recommendations? Is there a way I can verify what they are announcing just to make sure they are still doing it? Here is the alert for reference: Your prefix: 8.37.93.0/24: Update time: 2014-04-02 18:26 (UTC) Detected by #peers: 2 Detected prefix: 8.37.93.0/24 Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH) ASpath: 18356 9931 4651 4761
Re: Prefix hijack by AS4761 (was Re: BGPMON Alert Questions)
yeah you're seeing the impact of a pretty broad prefix injection indosat's upstream filters seem to be working for the most part. On 4/2/14, 12:10 PM, Stephen Fulton wrote: I'm seeing the same hijack of prefixes by multiple networks under my watch, at 18:40 UTC and 19:06 UTC. -- Stephen On 2014-04-02 2:51 PM, Joseph Jenkins wrote: So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly. I am assuming I should be contacting the provider about their misconfiguration and announcing my prefixes and get them to fix it. Any other recommendations? Is there a way I can verify what they are announcing just to make sure they are still doing it? Here is the alert for reference: Your prefix: 8.37.93.0/24: Update time: 2014-04-02 18:26 (UTC) Detected by #peers: 2 Detected prefix: 8.37.93.0/24 Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH) ASpath: 18356 9931 4651 4761 signature.asc Description: OpenPGP digital signature
Re: Prefix hijack by AS4761 (was Re: BGPMON Alert Questions)
On Wed, Apr 2, 2014 at 3:41 PM, joel jaeggli joe...@bogus.com wrote: yeah you're seeing the impact of a pretty broad prefix injection indosat's upstream filters seem to be working for the most part. Based on the image they tweeted, I don't think they are doing much filtering; the Syrian prefix was spread to a number of countries and AS. If you have good US connectivity the impact seems limited due to better AS Paths winning, but for less well connected prefixes I'm assuming it's more up in the air. Bob
