[109208] in North American Network Operators' Group
Re: Potential Prefix Hijack
daemon@ATHENA.MIT.EDU (Raymond Dijkxhoorn)
Tue Nov 11 09:13:00 2008
Date: Tue, 11 Nov 2008 15:12:32 +0100 (CET)
From: Raymond Dijkxhoorn <raymond@prolocation.net>
To: Nuno Vieira - nfsi telecom <nuno.vieira@nfsi.pt>
In-Reply-To: <2057986816.33891226412089411.JavaMail.root@zimbra.nfsi.pt>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Hi!
> That's not true, as not all our prefixes were hijacked nor leaked,
> since they were originating them. If they were leaking them you might
> be able to see further AS's on the AS-PATH, incluiding the legitimate
> AS for originating those prefixes.
We have seen issues like this also when a customer was leaking full
routes, and his router ws not able to coop with the BGP tables. This gave
really really strange things, simmilar like here, some prefixes were
there and some not. Completely random.
> Am i seeing things in a blur way ? or this is supposed to happen as
> wind flows ?
Upstreams should filter things properly. Thats a sure thing. OR max prefix
limit customers like that....
Bye,
Raymond.
