[124997] in North American Network Operators' Group


Re: China prefix hijack

daemon@ATHENA.MIT.EDU (Frank Pater)
Thu Apr 8 13:20:21 2010

Date: Thu, 8 Apr 2010 13:19:35 -0400
From: Frank Pater <fpater@dca.net>
To: nanog@nanog.org
In-Reply-To: <k2u25dbbe251004080939n4db404f7iafae78b004b23873@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



Hi,

We received BGPmon notifications for all of our prefixes as well. Not sure
if it's relevant, but this is also announced upstream from us by 3491.
Example:

====================================================================
Possible Prefix Hijack (Code: 10)
====================================================================
Your prefix:          216.158.0.0/18:
Update time:          2010-04-08 15:58 (UTC)
Detected by #peers:   1
Detected prefix:      216.158.0.0/18
Announced by:         AS23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation)
Upstream AS:          AS4134 (CHINANET-BACKBONE No.31,Jin-rong Street)
ASpath:               39792 4134 23724 23724


--
Frank Pater
DCANet
http://www.dca.net
voice: 888-4-DCANET (888-432-2638)
fax: 302-426-6386


On Thu, Apr 08, 2010 at 12:39:57PM -0400, Chris McDonald wrote:
> I think so yeah
>
> AS 23724 is now announcing 63.218.188.0/22 which is historically announced
> by ASes: 3491.
> Time: Thu Apr  8 16:55:02 2010 GMT
> Observed path: 812 174 4134 23724 23724
>
>
> On Thu, Apr 8, 2010 at 12:33 PM, Grzegorz Janoszka <Grzegorz@janoszka.pl> wrote:
>
> >
> > Just half an hour ago China Telecom hijacked one of our prefixes:
> >
> > Your prefix:          X.Y.Z.0/19:
> > Prefix Description:   NETNAME
> > Update time:          2010-04-08 15:58 (UTC)
> > Detected by #peers:   1
> > Detected prefix:      X.Y.Z.0/19
> > Announced by:         AS23724 (CHINANET-IDC-BJ-AP IDC, China
> > Telecommunications Corporation)
> > Upstream AS:          AS4134 (CHINANET-BACKBONE No.31,Jin-rong Street)
> > ASpath:               39792 4134 23724 23724
> >
> > Luckily it had to be limited as only one BGPmon peer saw it. Anyone else
> > noticed it?
> >
> > --
> > Grzegorz Janoszka
> >
> >

