[109209] in North American Network Operators' Group
Re: Potential Prefix Hijack
daemon@ATHENA.MIT.EDU (Frederico A C Neves)
Tue Nov 11 10:55:27 2008
Date: Tue, 11 Nov 2008 13:54:50 -0200
From: Frederico A C Neves <fneves@registro.br>
To: Bill Woodcock <woody@pch.net>
In-Reply-To: <Pine.SOC.4.61.0811101856240.27523@paixhost.pch.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Hi Bill,
On Mon, Nov 10, 2008 at 07:00:47PM -0800, Bill Woodcock wrote:
> On Tue, 11 Nov 2008, Mark Tinka wrote:
> > Anyone know how we can contact AS16735 and their upstream
> > AS27664. We think they are hijacking a number of our
> > prefixes (AS24218- and AS17992-originated).
>
> Have you tried CERT-BR? Uh... I was about to say "they're usually very
> responsive, and good at coordinating this sort of thing." And then their
> web site failed to load, because the prefix it's in is flapping. Hm.
>
> Fred, you still awake?
Not at the time of the event :-(
AFAIK the event was local to CTBC (AS16735) and their customers. This
is our case and as we host RRC15 at PTTMetro São Paulo, and feed it
with a full routing BGP feed it triggered the reports from bgpmon [1].
CTBC is still pending to explain the event,
> -Bill
Fred
[1] http://bgpmon.net/blog/?p=80
