[109207] in North American Network Operators' Group
Re: Potential Prefix Hijack
daemon@ATHENA.MIT.EDU (Nuno Vieira - nfsi telecom)
Tue Nov 11 09:04:19 2008
Date: Tue, 11 Nov 2008 14:01:29 +0000 (WET)
From: Nuno Vieira - nfsi telecom <nuno.vieira@nfsi.pt>
To: Raymond Dijkxhoorn <raymond@prolocation.net>
In-Reply-To: <alpine.LFD.2.00.0811111338090.25419@control.prolocation.net>
Cc: nanog@nanog.org
Reply-To: Nuno Vieira - nfsi telecom <nuno.vieira@nfsi.pt>
Errors-To: nanog-bounces@nanog.org
That's not true, as not all our prefixes were hijacked nor leaked, since they were originating them. If they were leaking them you might be able to see further AS's on the AS-PATH, including the legitimate AS for originating those prefixes.
My point here is also about peers and upstreams properly setting filters or max-prefix settings to avoid those nasty things.
Am I seeing things in a blurry way? Or is this supposed to happen as the wind flows?
Regards,
---
Nuno Vieira
nfsi telecom, lda.
nuno.vieira@nfsi.pt
Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301
http://www.nfsi.pt/
----- "Raymond Dijkxhoorn" <raymond@prolocation.net> wrote:
> Hi!
>
> > We were hijacked as well, by 27664 16735
> >
> > Our affected prefixes were:
> >
> > 94.46.0.0/16
> > 194.88.142.0/23
> > 194.11.23.0/24
> > 82.102.0.0/18
> > 195.246.238.0/23
> > 194.107.127.0/24
> > 81.92.192.0/19
> > 193.227.238.0/23
> >
> > We are trying to contact them in order to get some feedback, and
> > some good explanation for this.
>
> They obviously were leaking full routing, are we all gonna announce
> 'my prefix was in there also?'
>
> Bye,
> Raymond.
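
Added example, not part of the original thread: a small monitoring check for the distinction argued above, where a path that ends at an AS other than the expected origin is a mis-origination, while a path that still ends at the expected origin but transits the suspect AS looks like a leak. The prefixes and the path `27664 16735` come from the message; AS64500 and AS64510 are placeholder documentation ASNs, since the real origin AS is not given on the page, and the observed routes are constructed.

```python
import ipaddress

# Expected origins. Prefixes are from the message; AS64500 is a placeholder
# (RFC 5398 documentation ASN) standing in for the real origin AS.
EXPECTED_ORIGIN = {
    ipaddress.ip_network("94.46.0.0/16"): 64500,
    ipaddress.ip_network("81.92.192.0/19"): 64500,
}

def collapse(path):
    """Drop AS-path prepending (consecutive repeats of the same ASN)."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def covering_entry(prefix):
    """Most specific registered network covering prefix, so that
    more-specific announcements are matched too; None if not ours."""
    net = ipaddress.ip_network(prefix)
    hits = [(n, o) for n, o in EXPECTED_ORIGIN.items()
            if n.version == net.version and net.subnet_of(n)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def classify(prefix, as_path, suspect_asn):
    """Classify one observed route against the expected origin."""
    path = collapse([int(a) for a in as_path.split()])
    entry = covering_entry(prefix)
    if entry is None or not path:
        return "unknown"
    legit = entry[1]
    if path[-1] != legit:
        return "origin-mismatch"   # someone else originates our space
    if suspect_asn in path[:-1]:
        return "possible-leak"     # our origin intact, suspect AS in transit
    return "expected"

if __name__ == "__main__":
    # Constructed observations (AS path as seen at a collector, origin last).
    observed = [
        ("94.46.0.0/16", "27664 16735"),
        ("94.46.12.0/24", "27664 16735 16735"),
        ("94.46.0.0/16", "27664 16735 64510 64500"),
        ("81.92.192.0/19", "64510 64500 64500"),
    ]
    for prefix, path in observed:
        print(prefix, "|", path, "->", classify(prefix, path, 16735))
```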