[109194] in North American Network Operators' Group
RE: Potential Prefix Hijack
daemon@ATHENA.MIT.EDU (Scott Morris)
Mon Nov 10 23:01:18 2008
From: "Scott Morris" <swm@emanon.com>
To: "'jamie'" <j@arpa.com>,
"'Network Fortius'" <netfortius@gmail.com>
Date: Mon, 10 Nov 2008 23:01:05 -0500
In-Reply-To: <6ff30abd0811101936v585210bbx3752bc6d72dea783@mail.gmail.com>
Cc: nanog@nanog.org
Reply-To: swm@emanon.com
Errors-To: nanog-bounces@nanog.org
I sent e-mails to the AS contacts, but don't expect that to do much in =
the
middle of the night. No live person at the phone numbers. I can't =
even
get their web site to come up, although if they're re-routing the entire =
BGP
table internally, go figure. :)=20
BGPMon's a great thing though!
Somebody's been bad tonight.
Scott
-----Original Message-----
From: jamie [mailto:j@arpa.com]=20
Sent: Monday, November 10, 2008 10:37 PM
To: Network Fortius
Cc: nanog@nanog.org
Subject: Re: Potential Prefix Hijack
Obvious, since I posted about it earlier, but confirmed here as well. =
Has
anyone made contact with these guys? I have yet to...
On Mon, Nov 10, 2008 at 9:32 PM, Network Fortius
<netfortius@gmail.com>wrote:
> Same problems here, for AS26028
> Stefan
>
> On Mon, Nov 10, 2008 at 8:54 PM, Mark Tinka <mtinka@globaltransit.net
> >wrote:
>
> > Hi all.
> >
> > Anyone know how we can contact AS16735 and their upstream AS27664.=20
> > We think they are hijacking a number of our prefixes (AS24218- and=20
> > AS17992-originated). Thanks BGPmon:
> >
> > e.g.,
> >
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> > Possible Prefix Hijack (Code: 11)
> > 1 number of peer(s) detected this updates for your prefix
> > 61.11.208.0/20:
> > Update details: 2008-11-11 02:24 (UTC) 61.11.208.0/20 Announced by:=20
> > AS16735 (Companhia de Telecomunicacoes do Brasil Central) Transit=20
> > AS: 27664 (CTBC Multim=EDdia)
> > ASpath: 27664 16735
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> >
> > RIPE's RIS BGPlay confirms the same, for about the last hour.
> >
> > E-mails to them won't get there (of course), so our NOC are=20
> > contacting them via Gmail/Yahoo.
> >
> > All help appreciated.
> >
> > Cheers,
> >
> > Mark.
> >
>
