[125106] in North American Network Operators' Group
Re: BGP hijack from 23724 -> 4134 China?
daemon@ATHENA.MIT.EDU (Beavis)
Thu Apr 8 20:29:21 2010
In-Reply-To: <4BBE3E43.2050407@2mbit.com>
Date: Thu, 8 Apr 2010 18:29:07 -0600
From: Beavis <pfunix@gmail.com>
To: Brielle Bruns <bruns@2mbit.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Is it possible for you to share that filter list you have for china?
im getting bogged down by those ssh-bruts as well coming in from
china.
-B
On Thu, Apr 8, 2010 at 2:36 PM, Brielle Bruns <bruns@2mbit.com> wrote:
> On 4/8/10 2:23 PM, Jay Hennigan wrote:
>>
>> We just got Cyclops alerts showing several of our prefixes sourced from
>> AS23474 propagating through AS4134. =A0Anyone else?
>>
>> aut-num: =A0 =A0 =A0AS23724
>> as-name: =A0 =A0 =A0CHINANET-IDC-BJ-AP
>> descr: =A0 =A0 =A0 =A0IDC, China Telecommunications Corporation
>> country: =A0 =A0 =A0CN
>>
>> aut-num: =A0 =A0 =A0AS4134
>> as-name: =A0 =A0 =A0CHINANET-BACKBONE
>> descr: =A0 =A0 =A0 =A0No.31,Jin-rong Street
>> descr: =A0 =A0 =A0 =A0Beijing
>> descr: =A0 =A0 =A0 =A0100032
>> country: =A0 =A0 =A0CN
>>
>> --
>> Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net
>> Impulse Internet Service =A0- =A0http://www.impulse.net/
>> Your local telephone and internet company - 805 884-6323 - WB6RDV
>>
>
> I'm starting to wonder if someone is 'testing the waters' in China to see
> what they can get away with. I hate to be like this, but there's a reason
> why I have all of China filtered on my routers.
>
> Amazing how much =A0SSH hammering, spam, and other nastiness went away wi=
thin
> minutes of the filtering going in place.
>
> There comes a point where 'accidental' and 'isolated incident' become "we=
no
> care" and "spam not illegal". =A0And no, i'm not quoting that to mock, bu=
t
> rather repeat exactly what admins in China send to me in response to abus=
e
> reports and blocking in the AHBL.
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org =A0 =A0/ =A0 =A0 http://www.ahbl.org
>
>
--=20
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
