Re: BGPMON Alert Questions

2014-04-10 Thread Randy Bush
Yes, we don't validate those prefixes cause we filter them strict. in our measurements, an rpki-based origin check is significantly faster than an acl of non-trivial length. randy

Re: BGPMON Alert Questions

2014-04-10 Thread Mark Tinka
On Thursday, April 10, 2014 09:18:34 AM Randy Bush wrote: in our measurements, an rpki-based origin check is significantly faster than an acl of non-trivial length. Ultimately, at some point in the future, it is not completely unreasonable to think that some operators could attempt control

Re: BGPMON Alert Questions

2014-04-10 Thread Randy Bush
as folk start to roll out rejection of invalids, we might think about how we report problems with folk registering inadequate roas, covering their customers, covering their deaggs (maybe deaggs get what they deserve), etc. if they are not clued enough to generate prudent roas, they will not be

Re: BGPMON Alert Questions

2014-04-10 Thread Mark Tinka
On Thursday, April 10, 2014 12:30:51 PM Randy Bush wrote: as folk start to roll out rejection of invalids, we might think about how we report problems with folk registering inadequate roas, covering their customers, covering their deaggs (maybe deaggs get what they deserve), etc. if they

Re: BGPMON Alert Questions

2014-04-10 Thread Tony Tauber
On Thu, Apr 10, 2014 at 9:26 AM, Mark Tinka mark.ti...@seacom.mu wrote: On Thursday, April 10, 2014 12:30:51 PM Randy Bush wrote: as folk start to roll out rejection of invalids, we might think about how we report problems with folk registering inadequate roas, covering their customers,

Re: BGPMON Alert Questions

2014-04-08 Thread Jac Kloots
Hi Mark, On Thu, 3 Apr 2014, Mark Tinka wrote: On Thursday, April 03, 2014 02:22:44 AM Randy Bush wrote: and, btw, how many of those whose prefixes were mis-originated had registered those prefixes in the rpki? It is probably a bit of a hammer at this stage, but we are in limited

Re: BGPMON Alert Questions

2014-04-08 Thread Mark Tinka
On Tuesday, April 08, 2014 11:24:07 AM Jac Kloots wrote: We (SURFnet, AS1103) are in the same position and I wrote an article about the evaluation we did before deciding on dropping invalids (https://blog.surfnet.nl/?p=3159) Sounds great, Jac! In your report, you mention that you're not

Re: BGPMON Alert Questions

2014-04-08 Thread Jac Kloots
Mark, On Tue, 8 Apr 2014, Mark Tinka wrote: On Tuesday, April 08, 2014 11:24:07 AM Jac Kloots wrote: We (SURFnet, AS1103) are in the same position and I wrote an article about the evaluation we did before deciding on dropping invalids (https://blog.surfnet.nl/?p=3159) Sounds great, Jac!

Re: BGPMON Alert Questions

2014-04-08 Thread Mark Tinka
On Tuesday, April 08, 2014 01:20:23 PM Jac Kloots wrote: Yes, we don't validate those prefixes cause we filter them strict. We know from all our customers which prefixes they use so we have prefix-filters placed on all their connections. Good point. We do both - prefix list + AS_PATH

Re: BGPMON Alert Questions

2014-04-06 Thread Sharon Goldberg
On Sat, Apr 5, 2014 at 7:11 AM, Mark Tinka mark.ti...@seacom.mu wrote: So do you know whether anyone has any idea about what the top 10 global carriers are doing re: RPKI? Thinking? Justifying? Testing? Ignoring? These looking glasses are helpful:

Re: BGPMON Alert Questions

2014-04-06 Thread Mark Tinka
On Sunday, April 06, 2014 02:34:47 PM Sharon Goldberg wrote: But naturally it's harder to see who has turned on origin validation. Indeed, especially since there is no correlation between providers issuing ROAs for their own allocations and turning on origin validation in their network.

Re: BGPMON Alert Questions

2014-04-05 Thread Mark Tinka
On Friday, April 04, 2014 09:58:42 AM Vitkovský Adam wrote: I wonder when (or if ever) we'll have such a discussion about data packets, i.e. finding that someone is not doing packet-filtering based on BGP updates is absolutely and unacceptably shocking! Well, filtering in the data plane is

Re: BGPMON Alert Questions

2014-04-05 Thread Mark Tinka
On Friday, April 04, 2014 12:31:35 PM Benno Overeinder wrote: With ROAs published and a small percentage (order of 5%) of the largest ISPs doing route origin validation, this would filter the incorrect announcement and result in about ~98% globally correct routes in the 35000 ASes (this

Re: BGPMON Alert Questions

2014-04-05 Thread Mark Tinka
On Friday, April 04, 2014 05:17:36 PM Sharon Goldberg wrote: Right, we didn't include that in our analysis because we didn't have a good sense for how many ISPs actually do filter their downstream downstreams. So we chose to give a conservative estimate of the impact of prefix filtering in

RE: BGPMON Alert Questions

2014-04-04 Thread Vitkovský Adam
That Upstream B is simply accepting everything their customer is sending to them without applying proper filters, or checking to confirm that what their customer needs to send them should come from them is absolutely and unacceptably shocking! I wonder when (or if ever) we'll have such a

Re: BGPMON Alert Questions

2014-04-04 Thread Benno Overeinder
On 04/04/2014 05:06 AM, Sharon Goldberg wrote: Finally, like Randy says, RPKI deploys quite different from BGPSEC. My intuition says that (1) once the RPKI is fully populated with ROAs for all originated prefixes, then (2) a partial deployment of origin validation at a few large ISPs should be

Re: BGPMON Alert Questions

2014-04-04 Thread Sharon Goldberg
On Fri, Apr 4, 2014 at 1:15 AM, Mark Tinka mark.ti...@seacom.mu wrote: On Friday, April 04, 2014 05:06:22 AM Sharon Goldberg wrote: We also looked at prefix filtering and found that it has better partial deployment characteristics. Our analysis assumed that ISPs only filter routes from

Re: BGPMON Alert Questions

2014-04-04 Thread Nick Hilliard
On 04/04/2014 16:17, Sharon Goldberg wrote: we assumed that no one filters their downstreams downstreams. plenty of organisations do this. it can easily be done with irrdb AS sets. Nick

Re: BGPMON Alert Questions

2014-04-04 Thread Sharon Goldberg
On Fri, Apr 4, 2014 at 11:17 AM, Sharon Goldberg gol...@cs.bu.edu wrote Actually, since this is NANOG, might as well ask: Do you all view filtering your downstream's downstreams as much more difficult than filtering only downstreams, or only stub ASes? Do you have a sense for how many

Re: BGPMON Alert Questions

2014-04-03 Thread Randy Bush
So we're somewhat safe until the fast food burger grills and fries cookers advance to level-3 routing? Or Daiquiri blenders get their own ASNs? that happened in the late '90s Bad enough that professional folks can goof to this extent luckily, you, valdis, and i never make mistakes :) the

Re: BGPMON Alert Questions

2014-04-03 Thread Valdis . Kletnieks
On Thu, 03 Apr 2014 15:00:41 +0900, Randy Bush said: Bad enough that professional folks can goof to this extent luckily, you, valdis, and i never make mistakes :) You must have me confused with somebody else. I wouldn't have a world-wide reputation for getting myself out of holes I've dug

Re: BGPMON Alert Questions

2014-04-03 Thread Matthew Walster
On 3 April 2014 04:43, Randy Bush ra...@psg.com wrote: i very much doubt this is a 7007, where bgp was redistributed into rip, which sliced it into a jillion /24s, and then redistributed from rip back into bgp. I could be wrong, but I thought AS7007 was nothing to do with RIP?

Re: BGPMON Alert Questions

2014-04-03 Thread Mark Tinka
On Wednesday, April 02, 2014 08:59:58 PM Justin M. Streiner wrote: It's pretty clear that both parties have dropped the ball in a big way, in terms of sane BGP filtering practices. It's amazing, isn't it? I have a customer of one my upstreams (Upstream A), at the moment, who are leaking my

Re: BGPMON Alert Questions

2014-04-03 Thread ML
On 4/2/2014 11:30 PM, Barry Greene wrote: Hi Team, Confirmation from my team talking directly to Indosat - self-inflicted with a bad update during a maintenance window. Nothing malicious or intentional. Barry Did you get any details on what specifically went wrong? I don't recall any

Re: BGPMON Alert Questions

2014-04-03 Thread Nick Hilliard
On 03/04/2014 13:09, ML wrote: Did you get any details on what specifically went wrong? I don't recall any switch in my routing gear to re-originate every prefix on the planet as my own. Easy enough to do by e.g. redistributing your ebgp into your IGP and then back again, or by a variety of

Re: BGPMON Alert Questions

2014-04-03 Thread Mark Tinka
On Thursday, April 03, 2014 02:22:44 AM Randy Bush wrote: and, btw, how many of those whose prefixes were mis-originated had registered those prefixes in the rpki? It is probably a bit of a hammer at this stage, but we are in limited deployment of dropping all Invalids using RPKI. We shall

Re: BGPMON Alert Questions

2014-04-03 Thread Randy Bush
It is probably a bit of a hammer at this stage, but we are in limited deployment of dropping all Invalids using RPKI. We shall be rolling out, network-wide, in 2014, where all Invalids are dropped. At this stage, short of a mis- origination, it's mostly longer prefixes of an aggregate

Re: BGPMON Alert Questions

2014-04-03 Thread Randy Bush
I wonder who we should be going after here? Indosat or their upstream? Probably both, since if this happened with an ISP deeper in the Internet core, chances are they don't have what our concept of an upstream is. you want revenge or to prevent the effects of recurrence? one nice thing

Re: BGPMON Alert Questions

2014-04-03 Thread Anthony Williams
Was a specific Upstream at fault or several upstream providers? It appears they have 9 upstream links -- http://www.cidr-report.org/cgi-bin/as-report?as=4761 On 4/3/2014 8:41 AM, Mark Tinka wrote: I wonder who we should be going after here? Indosat or their upstream?

Re: BGPMON Alert Questions

2014-04-03 Thread Nick Hilliard
On 03/04/2014 13:41, Mark Tinka wrote: max-prefix could have come in handy here. But this is an old song (let alone prefix filtering or RPKI). I'm currently seeing ~100 prefixes originating from 4761, and an additional 725 transited through 4761. This would not be difficult to handle with

Re: BGPMON Alert Questions

2014-04-03 Thread Mark Tinka
On Thursday, April 03, 2014 02:51:20 PM Randy Bush wrote: you want revenge or to prevent the effects of recurrence? I'd like to consider targeted suggestions for fixes that address the specific challenges affecting seasoned upstreams vs. their downstream customers. I can understand how an

RE: BGPMON Alert Questions

2014-04-03 Thread John York
Network Operators' Group Subject: Re: BGPMON Alert Questions note joels careful use of 'injected'. imiho, 'hijacked' is pejorative implying evil intent. i very much doubt that is the case here. it looks much more like an accident. could we try to be less accusatory with our language

Re: BGPMON Alert Questions

2014-04-03 Thread Christopher Morrow
On Thu, Apr 3, 2014 at 9:15 AM, Mark Tinka mark.ti...@seacom.mu wrote: On Thursday, April 03, 2014 02:51:20 PM Randy Bush wrote: you want revenge or to prevent the effects of recurrence? I'd like to consider targeted suggestions for fixes that address the specific challenges affecting

Re: BGPMON Alert Questions

2014-04-03 Thread Mark Tinka
On Thursday, April 03, 2014 02:57:31 PM Nick Hilliard wrote: I'm currently seeing ~100 prefixes originating from 4761, and an additional 725 transited through 4761. This would not be difficult to handle with prefix lists, assuming some level of automation. Indeed. I, for example, have an

Re: BGPMON Alert Questions

2014-04-03 Thread Mark Tinka
On Thursday, April 03, 2014 02:52:16 PM Anthony Williams wrote: Was a specific Upstream at fault or several upstream providers? It appears they have 9 upstream links -- http://www.cidr-report.org/cgi-bin/as-report?as=4761 There probably won't be only one provider at fault. It could be all

Re: BGPMON Alert Questions

2014-04-03 Thread Mark Tinka
On Thursday, April 03, 2014 03:55:11 PM Christopher Morrow wrote: I'm going to guess: 1) who's going to pay for the filtering setup work? Well, your customers are paying you to ensure they don't get cut off due to your negligence. You also don't want to become a watch-out-for-that-one

Re: BGPMON Alert Questions

2014-04-03 Thread Christopher Morrow
On Thu, Apr 3, 2014 at 11:05 AM, Mark Tinka mark.ti...@seacom.mu wrote: On Thursday, April 03, 2014 03:55:11 PM Christopher Morrow wrote: I'm going to guess: 1) who's going to pay for the filtering setup work? Well, your customers are paying you to ensure they don't get cut off due to

Re: BGPMON Alert Questions

2014-04-03 Thread Mark Tinka
On Thursday, April 03, 2014 05:13:40 PM Christopher Morrow wrote: I think you mean they are paying me to carry their bits across the network... and they are paying me to do it with minimal hassle to THEM... telling me prefixes to add to their list is hassle. Agree - but, as an operator,

Re: BGPMON Alert Questions

2014-04-03 Thread Tony Tauber
On Thu, Apr 3, 2014 at 11:13 AM, Christopher Morrow morrowc.li...@gmail.com wrote: On Thu, Apr 3, 2014 at 11:05 AM, Mark Tinka mark.ti...@seacom.mu wrote: On Thursday, April 03, 2014 03:55:11 PM Christopher Morrow wrote: I'm going to guess: 1) who's going to pay for the filtering

Re: BGPMON Alert Questions

2014-04-03 Thread Christopher Morrow
On Thu, Apr 3, 2014 at 2:31 PM, Tony Tauber ttau...@1-4-5.net wrote: On Thu, Apr 3, 2014 at 11:13 AM, Christopher Morrow morrowc.li...@gmail.com wrote: I know this old saw and sales people will apply pressure to Ops if their customers balk at the extra overhead. The time is now to push back,

Re: BGPMON Alert Questions

2014-04-03 Thread Randy Bush
one nice thing about origin validation is that anyone who validates anywhere on the internet can reject the mis-origination(s). +1. a non-op sec person who follows nanog in read-only mode pointed out in private email that this is a subtle difference from prefix filtering. in general, i can not

Re: BGPMON Alert Questions

2014-04-03 Thread Randy Bush
Good point, which makes me ask: So which 5 to 10 networks, implementing source validation, could result in the greatest coverage or protection for the largest part of the Internet to the best of my knowledge, no one has looked at this for origin validation. sharon goldberg and co-conspirators

Re: BGPMON Alert Questions

2014-04-03 Thread Sharon Goldberg
On Thu, Apr 3, 2014 at 8:50 PM, Randy Bush ra...@psg.com wrote: Good point, which makes me ask: So which 5 to 10 networks, implementing source validation, could result in the greatest coverage or protection for the largest part of the Internet to the best of my knowledge, no one has

Re: BGPMON Alert Questions

2014-04-03 Thread Mark Tinka
On Friday, April 04, 2014 05:06:22 AM Sharon Goldberg wrote: We also looked at prefix filtering and found that it has better partial deployment characteristics. Our analysis assumed that ISPs only filter routes from their *stub* customers. (We defined a stub an AS that does not have its own

Re: BGPMON Alert Questions

2014-04-02 Thread Shawn L
I just received the same exact notification -- same AS announcing one of my blocks. On Wed, Apr 2, 2014 at 2:51 PM, Joseph Jenkins j...@breathe-underwater.com wrote: So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me

RE: BGPMON Alert Questions

2014-04-02 Thread Frank Bulk
I received a similar notification about one of our prefixes also a few minutes ago. I couldn't find a looking glass for AS4761 or AS4651. But I also couldn't hit the websites for either AS, either. Frank -Original Message- From: Joseph Jenkins [mailto:j...@breathe-underwater.com]

Re: BGPMON Alert Questions

2014-04-02 Thread Þórhallur Hálfdánarson
I have received those for two prefixes so far. Same origin+transit Br, Tolli On 2.4.2014, at 18:57, Joseph Jenkins j...@breathe-underwater.com wrote: So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've

RE: BGPMON Alert Questions

2014-04-02 Thread Kate Gerry
I just got the same thing. Possible Prefix Hijack (Code: 10) Your prefix: 173.44.32.0/19: Prefix Description: AS8100 Update time:

Re: BGPMON Alert Questions

2014-04-02 Thread Seth Mattinen
On 4/2/14, 11:51, Joseph Jenkins wrote: So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly. I am assuming I should be contacting

RE: BGPMON Alert Questions

2014-04-02 Thread David Hubbard
If you contact bgpmon support you may be able to get some more in-depth information. I've contacted them before with alerts like those and they were able to give me specific date, time, ASN and interface information about the peering points that received the announcements; that might help make

Re: BGPMON Alert Questions

2014-04-02 Thread Vlade Ristevski
I just got the same alert for one of my prefixes one minute ago. On 4/2/2014 2:59 PM, Frank Bulk wrote: I received a similar notification about one of our prefixes also a few minutes ago. I couldn't find a looking glass for AS4761 or AS4651. But I also couldn't hit the websites for either AS,

RE: BGPMON Alert Questions

2014-04-02 Thread David Hubbard
Lol, and two minutes after I replied to you, I got the same alert about the same AS with two of my prefixes. -Original Message- From: Joseph Jenkins [mailto:j...@breathe-underwater.com] Sent: Wednesday, April 02, 2014 2:52 PM To: nanog@nanog.org Subject: BGPMON Alert Questions So I

Re: BGPMON Alert Questions

2014-04-02 Thread Steve Rossen
Same alert for me on two of my prefixes. Still looking into it. On Wed, Apr 2, 2014 at 1:59 PM, Frank Bulk frnk...@iname.com wrote: I received a similar notification about one of our prefixes also a few minutes ago. I couldn't find a looking glass for AS4761 or AS4651. But I also couldn't

Re: BGPMON Alert Questions

2014-04-02 Thread Octavio Alvarez
On 02/04/14 11:51, Joseph Jenkins wrote: So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly. I am assuming I should be

RE: BGPMON Alert Questions

2014-04-02 Thread eric-list
[mailto:thorhallur.halfdanar...@advania.is] Sent: Wednesday, April 02, 2014 2:59 PM To: Joseph Jenkins Cc: nanog@nanog.org Subject: Re: BGPMON Alert Questions I have received those for two prefixes so far. Same origin+transit Br, Tolli

Prefix hijack by AS4761 (was Re: BGPMON Alert Questions)

2014-04-02 Thread Stephen Fulton
I'm seeing the same hijack of prefixes by multiple networks under my watch, at 18:40 UTC and 19:06 UTC. -- Stephen On 2014-04-02 2:51 PM, Joseph Jenkins wrote: So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and

Re: BGPMON Alert Questions

2014-04-02 Thread Rene Wilhelm
On 4/2/14, 8:51 PM, Joseph Jenkins wrote: So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly. I am assuming I should be

RE: BGPMON Alert Questions

2014-04-02 Thread Chris Burton
To: nanog@nanog.org Subject: Re: BGPMON Alert Questions On 4/2/14, 11:51, Joseph Jenkins wrote: So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything

RE: BGPMON Alert Questions

2014-04-02 Thread Frank Bulk
, April 02, 2014 2:03 PM To: Joseph Jenkins; nanog@nanog.org Subject: RE: BGPMON Alert Questions If you contact bgpmon support you may be able to get some more in-depth information. I've contacted them before with alerts like those and they were able to give me specific date, time, ASN and interface

Re: BGPMON Alert Questions

2014-04-02 Thread Olivier Benghozi
... and same here. Indosat looks now to have developed a solid experience in BGP prefix hijack mess (last time was in 2011). Olivier On 4/2/14, 11:51, Joseph Jenkins wrote: So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks

Re: BGPMON Alert Questions

2014-04-02 Thread Andree Toonk
I can confirm that indosat appears to be hijacking many prefixes. HE 6939 is one of the networks picking it up and distributing it further. Here's an example for a Syrian prefix: http://portal.bgpmon.net/data/indosat-hijack.png

RE: BGPMON Alert Questions

2014-04-02 Thread Lee Johnston
Message- From: Vlade Ristevski [mailto:vrist...@ramapo.edu] Sent: 02 April 2014 20:05 To: nanog@nanog.org Subject: Re: BGPMON Alert Questions I just got the same alert for one of my prefixes one minute ago. On 4/2/2014 2:59 PM, Frank Bulk wrote: I received a similar notification about one of our

Re: Prefix hijack by AS4761 (was Re: BGPMON Alert Questions)

2014-04-02 Thread joel jaeggli
yeah you're seeing the impact of a pretty broad prefix injection indosat's upstream filters seem to be working for the most part. On 4/2/14, 12:10 PM, Stephen Fulton wrote: I'm seeing the same hijack of prefixes by multiple networks under my watch, at 18:40 UTC and 19:06 UTC. -- Stephen

Re: BGPMON Alert Questions

2014-04-02 Thread Bryan Tong
Just got the same for 5 of my prefixes. Possible Prefix Hijack (Code: 10) Your prefix: 192.225.232.0/21: Prefix Description: ARIN direct allocation

Re: BGPMON Alert Questions

2014-04-02 Thread Bryan Tong
. Let's hope that AS4651 can quickly apply filters. Frank -Original Message- From: David Hubbard [mailto:dhubb...@dino.hostasaurus.com] Sent: Wednesday, April 02, 2014 2:03 PM To: Joseph Jenkins; nanog@nanog.org Subject: RE: BGPMON Alert Questions If you contact bgpmon support you may

Re: Prefix hijack by AS4761 (was Re: BGPMON Alert Questions)

2014-04-02 Thread Bob Snyder
On Wed, Apr 2, 2014 at 3:41 PM, joel jaeggli joe...@bogus.com wrote: yeah you're seeing the impact of a pretty broad prefix injection indosat's upstream filters seem to be working for the most part. Based on the image they tweeted, I don't think they are doing much filtering; the Syrian

Re: BGPMON Alert Questions

2014-04-02 Thread Bob Evans
Yes, I too have alerts for some of our prefixes from the same offending origin 4761 On Wednesday April 2nd 2014 at 19:59 UTC we detected a Origin AS Change event for your prefix (66.201.48.0/20 slash 20 bottom of nor cal) The detected prefix: 66.201.48.0/20, was announced by AS4761

Re: BGPMON Alert Questions

2014-04-02 Thread James Laszko
: Wednesday, April 02, 2014 2:03 PM To: Joseph Jenkins; nanog@nanog.org Subject: RE: BGPMON Alert Questions If you contact bgpmon support you may be able to get some more in-depth information. I've contacted them before with alerts like those and they were able to give me specific date, time

Re: BGPMON Alert Questions

2014-04-02 Thread James Laszko
...@dino.hostasaurus.com] Sent: Wednesday, April 02, 2014 2:03 PM To: Joseph Jenkins; nanog@nanog.org Subject: RE: BGPMON Alert Questions If you contact bgpmon support you may be able to get some more in-depth information. I've contacted them before with alerts like those and they were able to give me

Re: BGPMON Alert Questions

2014-04-02 Thread Felix Aronsson
Seeing the same here for a /21. This seems to have happened before with AS4761? See http://www.bgpmon.net/hijack-by-as4761-indosat-a-quick-report/ from January 2011. On Wed, Apr 2, 2014 at 8:51 PM, Joseph Jenkins j...@breathe-underwater.com wrote: So I setup BGPMON for my prefixes and got an

Re: BGPMON Alert Questions

2014-04-02 Thread Andrew (Andy) Ashley
Hi All, I am a network admin for Aware Corporation AS18356 (Thailand), as mentioned in the alert. We operate a BGPMon PeerMon node on our network, which peers with the BGPMon service as a collector. It is likely that AS4761 (INDOSAT) has somehow managed to hijack these prefixes and CAT

Re: BGPMON Alert Questions

2014-04-02 Thread Mingwei Zhang
route-views4 /64.25.208.71 has seen updates that contains large amount of prefixes at time 1396464452 (04 / 02 / 14 @ 6:47:32pm UTC) with path [20225, 6939, 4761] full prefixes list: http://pastebin.com/Eu4ePgp4 is it normal for single update to contain such large amount NLRI info? On Wed, Apr

Re: BGPMON Alert Questions

2014-04-02 Thread Bryan Tong
They have advertised all of ours now. On Wed, Apr 2, 2014 at 2:16 PM, Bob Evans b...@fiberinternetcenter.com wrote: Yes, I too have alerts for some of our prefixes from the same offending origin 4761 On Wednesday April 2nd 2014 at 19:59 UTC we detected a Origin AS Change event for your

Re: BGPMON Alert Questions

2014-04-02 Thread Blake Dunlap
: BGPMON Alert Questions If you contact bgpmon support you may be able to get some more in-depth information. I've contacted them before with alerts like those and they were able to give me specific date, time, ASN and interface information about the peering points that received

Re: BGPMON Alert Questions

2014-04-02 Thread Bob Evans
02, 2014 2:03 PM To: Joseph Jenkins; nanog@nanog.org Subject: RE: BGPMON Alert Questions If you contact bgpmon support you may be able to get some more in-depth information. I've contacted them before with alerts like those and they were able to give me specific date, time, ASN and interface

RE: BGPMON Alert Questions

2014-04-02 Thread Mike Walter
Three of ours just got jacked. I have tried to contact via email for update / fix of their end. -Mike -Original Message- From: Felix Aronsson [mailto:fe...@mrfriday.com] Sent: Wednesday, April 02, 2014 3:22 PM To: Joseph Jenkins Cc: nanog@nanog.org Subject: Re: BGPMON Alert Questions

Re: BGPMON Alert Questions

2014-04-02 Thread Zachary McGibbon
Same here: Possible Prefix Hijack (Code: 10) Your prefix: 132.206.0.0/16: Prefix Description: MCGILL-NET-132-206 Update time: 2014-04-02

Re: BGPMON Alert Questions

2014-04-02 Thread Jason Baugher
I emailed hostmas...@indosat.com a little over an hour ago, and no response as yet. Anyone having luck making contact with Indosat themselves? On Wed, Apr 2, 2014 at 2:33 PM, Andrew (Andy) Ashley andre...@aware.co.th wrote: Hi All, I am a network admin for Aware Corporation AS18356

Re: BGPMON Alert Questions

2014-04-02 Thread Aris Lambrianidis
Contacted ip@indosat.com about this, I urge others to do the same. --Aris On Wed, Apr 2, 2014 at 9:33 PM, Andrew (Andy) Ashley andre...@aware.co.th wrote: Hi All, I am a network admin for Aware Corporation AS18356 (Thailand), as mentioned in the alert. We operate a BGPMon PeerMon node

Re: BGPMON Alert Questions

2014-04-02 Thread Erik Bais
We are getting multiple alerts for a mix of our and customers' prefixes. Could someone from HE tell if they started filtering yet? Erik Bais Sent from my iPad On 2 Apr 2014, at 21:21, Felix Aronsson fe...@mrfriday.com wrote: Seeing the same here for a /21.

Re: BGPMON Alert Questions

2014-04-02 Thread Seth Mattinen
On 4/2/14, 13:31, Bob Evans wrote: where did you get that number ? I think that was a number for CAT, AS4651. ~Seth

Re: BGPMON Alert Questions

2014-04-02 Thread Curtis Doty
On Wed, Apr 2, 2014 at 1:24 PM, Blake Dunlap iki...@gmail.com wrote: Is this malicious or did someone redistribute all of bgp with bad upstream filtering? They perfectly re-advertized all mine. Looks like a huge mistake. And still ongoing. Although this was nice to see:

Re: BGPMON Alert Questions

2014-04-02 Thread Andrew (Andy) Ashley
andre...@aware.co.th Cc: nanog@nanog.org nanog@nanog.org Subject: Re: BGPMON Alert Questions Contacted ip@indosat.com about this, I urge others to do the same. --Aris On Wed, Apr 2, 2014 at 9:33 PM, Andrew (Andy) Ashley andre...@aware.co.th wrote: Hi All, I am a network admin for Aware

Re: BGPMON Alert Questions

2014-04-02 Thread Bret Clark
They are advertising one of /22 right now as well, Bret On 04/02/2014 04:21 PM, Bryan Tong wrote: They have advertised all of ours now. On Wed, Apr 2, 2014 at 2:16 PM, Bob Evans b...@fiberinternetcenter.com wrote: Yes, I too have alerts for some of our prefixes from the same offending

Re: BGPMON Alert Questions

2014-04-02 Thread Luca Simonetti
Same here : Your prefix: 178.212.137.0/24: Prefix Description: Engine Networks EU Update time: 2014-04-02 20:54 (UTC) Detected by #peers: 1 Detected prefix: 178.212.137.0/24 Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Upstream AS:

Re: BGPMON Alert Questions

2014-04-02 Thread Mark Keymer
So, Just tried e-mailing to that address. *Delivery has failed to these recipients or groups:* indriana.triyunianingt...@indosat.com mailto:indriana.triyunianingt...@indosat.com The recipient's mailbox is full and can't accept messages now. Please try resending this message later, or contact

Re: BGPMON Alert Questions

2014-04-02 Thread Joseph Jenkins
Tried, the recipient's mailbox is full, but it looks like all of the bgpmon alerts have cleared. On Wed, Apr 2, 2014 at 1:40 PM, Aris Lambrianidis effulge...@gmail.com wrote: Contacted ip@indosat.com about this, I urge others to do the same. --Aris On Wed, Apr 2, 2014 at 9:33 PM, Andrew

Re: BGPMON Alert Questions

2014-04-02 Thread Eric Dugas
Thanks, also emailed support@ noc@. Didn't receive any bounce emails.. e...@zerofail.com AS40191 On Apr 2, 2014 5:06 PM, Aris Lambrianidis effulge...@gmail.com wrote: Contacted ip@indosat.com about this, I urge others to do the same. --Aris On Wed, Apr 2, 2014 at 9:33 PM, Andrew (Andy)

Re: BGPMON Alert Questions

2014-04-02 Thread Bryan Tong
Got this response from HE We are not in the as-path of the routes listed below. It seems we accepted some of them from a route server. I'm not seeing them in the table at this time. -- Rob Mosher Senior Network and Software Engineer Hurricane Electric / AS6939 On Wed, Apr 2, 2014 at 2:51 PM,

Re: BGPMON Alert Questions

2014-04-02 Thread Laszlo Hanyecz
They're just leaking every route right? Is it possible to poison the AS paths you announce with their own AS to get them to let go of your prefixes until it's fixed? Would that work, or some other trick that can be done without their cooperation? Thanks, Laszlo

Re: BGPMON Alert Questions

2014-04-02 Thread Peter Tavenier
Same here. AS path is 18356 38794 4651 4761. Did anybody have any contact with AS 4761? Regards, Peter On 2 Apr 2014, at 22:57, Curtis Doty cur...@greenkey.net wrote: On Wed, Apr 2, 2014 at 1:24 PM, Blake Dunlap iki...@gmail.com wrote: Is this malicious or did

Re: BGPMON Alert Questions

2014-04-02 Thread Adrian Minta
Already too late :( *Delivery has failed to these recipients or groups:* indriana.triyunianingt...@indosat.com mailto:indriana.triyunianingt...@indosat.com The recipient's mailbox is full and can't accept messages now. Please try resending this message later, or contact the recipient

Re: BGPMON Alert Questions

2014-04-02 Thread Justin M. Streiner
On Wed, 2 Apr 2014, Laszlo Hanyecz wrote: They're just leaking every route right? Is it possible to poison the AS paths you announce with their own AS to get them to let go of your prefixes until it's fixed? Would that work, or some other trick that can be done without their cooperation?

Re: BGPMON Alert Questions

2014-04-02 Thread Justin M. Streiner
On Thu, 3 Apr 2014, Adrian Minta wrote: Already too late :( *Delivery has failed to these recipients or groups:* indriana.triyunianingt...@indosat.com mailto:indriana.triyunianingt...@indosat.com The recipient's mailbox is full and can't accept messages now. Please try resending this

Re: BGPMON Alert Questions

2014-04-02 Thread joel jaeggli
On 4/2/14, 11:59 AM, Justin M. Streiner wrote: Two things need to happen: 1. Indosat needs to clean their mess up. 2. Indosat's upstreams need to apply some BGP clue to Indosat's announcements. It's pretty clear that both parties have dropped the ball in a big way, in terms of sane BGP

Re: BGPMON Alert Questions

2014-04-02 Thread Andree Toonk
Quick update from BGPmon: We've detected 415,652 prefixes being hijacked by Indosat today. 8,233 of those were seen by more than 10 of our BGP collectors. When receiving a BGPmon alert, one of the metrics to look at that will help with determining the scope and impact is the 'Detected by #peers'

Re: BGPMON Alert Questions

2014-04-02 Thread Randy Bush
note joels careful use of 'injected'. imiho, 'hijacked' is pejorative implying evil intent. i very much doubt that is the case here. it looks much more like an accident. could we try to be less accusatory with our language. 'injected', 'mis-originated', ... would seem to describe the

Re: BGPMON Alert Questions

2014-04-02 Thread Valdis . Kletnieks
On Wed, 02 Apr 2014 16:16:23 -0700, Andree Toonk said: Quick update from BGPmon: We've detected 415,652 prefixes being hijacked by Indosat today. Those who do not understand AS7007 are doomed to repeat it?

Re: BGPMON Alert Questions

2014-04-02 Thread Barry Greene
Agreed - focus on the fix. Then take a deep breath and figure out what happened. BTW - Indosat is down hard. Cannot call into their network (cell phone). I've got my team reaching in to their buddies to help. On Apr 3, 2014, at 7:22 AM, Randy Bush ra...@psg.com wrote: note joels careful use

Re: BGPMON Alert Questions

2014-04-02 Thread Barry Greene
Hi Team, Confirmation from my team talking directly to Indosat - self-inflicted with a bad update during a maintenance window. Nothing malicious or intentional. Barry
