[149259] in North American Network Operators' Group
RE: Hijacked Network Ranges - paging Cogent and GBLX/L3
daemon@ATHENA.MIT.EDU (Schiller, Heather A)
Tue Jan 31 15:05:13 2012
From: "Schiller, Heather A" <heather.schiller@verizon.com>
To: Keegan Holley <keegan.holley@sungard.com>
Date: Tue, 31 Jan 2012 15:04:37 -0500
In-Reply-To: <CABO8Q6TZZNEQc_0zpeOEUtJKxeTWvLyWqvfT04+zm1anoZrn2w@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Looks fixed now..
--heather=20
-----Original Message-----
From: Keegan Holley [mailto:keegan.holley@sungard.com]=20
Sent: Tuesday, January 31, 2012 2:50 PM
To: Schiller, Heather A
Cc: Kelvin Williams; nanog@nanog.org
Subject: Re: Hijacked Network Ranges - paging Cogent and GBLX/L3
To be honest I haven't had much success it convincing a tier 1 to modify so=
meone else's routes on my behalf for whatever reason. I also have had limi=
ted success in getting them to do anything quickly. I'd first look to modi=
fy your advertisements as much as possible to mitigate the issue and then w=
ork with the other guys upstreams second.
2012/1/31 Schiller, Heather A <heather.schiller@verizon.com>:
>
> Or roll it up hill:
>
> 33611 looks like they get transit from 19181, who's only upstream appears=
to be 12189.
> 12189 gets connectivity from 174 and 3549.
>
> 174 =3D Cogent
> 3549 =3D GBLX/L3
>
> =A0--Heather
>
> -----Original Message-----
> From: Kelvin Williams [mailto:kwilliams@altuscgi.com]
> Sent: Tuesday, January 31, 2012 1:01 PM
> To: nanog@nanog.org
> Subject: Hijacked Network Ranges
>
> Greetings all.
>
> We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek=20
> Internet
> Exchange) immediately filter out network blocks that are being advertised=
by ASAS33611 (SBJ Media, LLC) who provided to them a forged LOA.
>
> The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and=20
> 68.66.112.0/20 are registered in various IRRs all as having an origin=20
> AS
> 11325 (ours), and are directly allocated to us.
>
> The malicious hijacking is being announced as /24s therefore making route=
selection pick them.
>
> Our customers and services have been impaired. =A0Does anyone have any co=
ntacts for anyone at Cavecreek that would actually take a look at ARINs WHO=
IS, and IRRs so the networks can be restored and our services back in opera=
tion?
>
> Additionally, does anyone have any suggestion for mitigating in the inter=
im? =A0Since we can't announce as /25s and IRRs are apparently a pipe dream=
.
>
> --
> Kelvin Williams
> Sr. Service Delivery Engineer
> Broadband & Carrier Services
> Altus Communications Group, Inc.
>
>
> "If you only have a hammer, you tend to see every problem as a nail."=20
> -- Abraham Maslow
>
>
