[149255] in North American Network Operators' Group
RE: Hijacked Network Ranges - paging Cogent and GBLX/L3
daemon@ATHENA.MIT.EDU (Schiller, Heather A)
Tue Jan 31 14:30:17 2012
From: "Schiller, Heather A" <heather.schiller@verizon.com>
To: Kelvin Williams <kwilliams@altuscgi.com>, "nanog@nanog.org"
<nanog@nanog.org>
Date: Tue, 31 Jan 2012 14:29:40 -0500
In-Reply-To: <CANEysbE7GiFM++ykwiO0nBmfPvWHw_KSPUFDPfNbM5Y2TL1kMw@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Or roll it up hill:
33611 looks like they get transit from 19181, who's only upstream appears t=
o be 12189.=20
12189 gets connectivity from 174 and 3549. =20
174 =3D Cogent
3549 =3D GBLX/L3
--Heather
-----Original Message-----
From: Kelvin Williams [mailto:kwilliams@altuscgi.com]=20
Sent: Tuesday, January 31, 2012 1:01 PM
To: nanog@nanog.org
Subject: Hijacked Network Ranges
Greetings all.
We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek Internet
Exchange) immediately filter out network blocks that are being advertised b=
y ASAS33611 (SBJ Media, LLC) who provided to them a forged LOA.
The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and 68.66.112.0/=
20 are registered in various IRRs all as having an origin AS
11325 (ours), and are directly allocated to us.
The malicious hijacking is being announced as /24s therefore making route s=
election pick them.
Our customers and services have been impaired. Does anyone have any contac=
ts for anyone at Cavecreek that would actually take a look at ARINs WHOIS, =
and IRRs so the networks can be restored and our services back in operation=
?
Additionally, does anyone have any suggestion for mitigating in the interim=
? Since we can't announce as /25s and IRRs are apparently a pipe dream.
--
Kelvin Williams
Sr. Service Delivery Engineer
Broadband & Carrier Services
Altus Communications Group, Inc.
"If you only have a hammer, you tend to see every problem as a nail." --
Abraham Maslow
