[149239] in North American Network Operators' Group
Re: Hijacked Network Ranges
daemon@ATHENA.MIT.EDU (Justin M. Streiner)
Tue Jan 31 13:22:58 2012
Date: Tue, 31 Jan 2012 13:22:06 -0500 (EST)
From: "Justin M. Streiner" <streiner@cluebyfour.org>
To: nanog@nanog.org
In-Reply-To: <CAPiURgW5Yj1JK91yC9DQp7XkzrwZmAL8S76GWDE8nW85mCrDmA@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, 31 Jan 2012, Grant Ridder wrote:
> What is keeping you from advertising a more specific route (i.e /25's)?
Many providers filter out anything longer (smaller) than /24.
jms
> On Tue, Jan 31, 2012 at 12:00 PM, Kelvin Williams <kwilliams@altuscgi.com>wrote:
>
>> Greetings all.
>>
>> We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek Internet
>> Exchange) immediately filter out network blocks that are being advertised
>> by ASAS33611 (SBJ Media, LLC) who provided to them a forged LOA.
>>
>> The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and
>> 68.66.112.0/20 are registered in various IRRs all as having an origin AS
>> 11325 (ours), and are directly allocated to us.
>>
>> The malicious hijacking is being announced as /24s therefore making route
>> selection pick them.
>>
>> Our customers and services have been impaired. Does anyone have any
>> contacts for anyone at Cavecreek that would actually take a look at ARINs
>> WHOIS, and IRRs so the networks can be restored and our services back in
>> operation?
>>
>> Additionally, does anyone have any suggestion for mitigating in the
>> interim? Since we can't announce as /25s and IRRs are apparently a pipe
>> dream.
>>
>> --
>> Kelvin Williams
>> Sr. Service Delivery Engineer
>> Broadband & Carrier Services
>> Altus Communications Group, Inc.
>>
>>
>> "If you only have a hammer, you tend to see every problem as a nail." --
>> Abraham Maslow
>>
>
