[149263] in North American Network Operators' Group


RE: Hijacked Network Ranges - paging Cogent and GBLX/L3

daemon@ATHENA.MIT.EDU (Manish Karir)
Tue Jan 31 15:31:50 2012

From: Manish Karir <mkarir@merit.edu>
Date: Tue, 31 Jan 2012 15:30:57 -0500
To: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


You can take a closer look at the aspaths (lengths) to various global
locations by looking at the following:

http://bgptables.merit.edu/prefix.php?z=&z=&prefixcw=208.110.48.0/20&view=all&count=1000
http://bgptables.merit.edu/prefix.php?z=&z=&prefixcw=63.246.112.0/20&view=all&count=1000
http://bgptables.merit.edu/prefix.php?z=&z=&prefixcw=68.66.112.0/20&view=all&count=1000

Hope that helps.

-manish



> Message: 7
> Date: Tue, 31 Jan 2012 22:06:03 +0200
> From: Ido Szargel <ido@oasis-tech.net>
> To: "Schiller, Heather A" <heather.schiller@verizon.com>, Kelvin
> 	Williams <kwilliams@altuscgi.com>, "nanog@nanog.org" <nanog@nanog.org>
> Subject: RE: Hijacked Network Ranges  - paging Cogent and GBLX/L3
> Message-ID:
> 	<7A848D4888ADA94B8A46A17296740133B38D3E5473@DEXTER.oasis-tech.local>
> Content-Type: text/plain; charset="us-ascii"
>
> I would go at first by advertising your prefixes as a /24 as well, just
> randomly checked 2 different locations and the as-path to 11325 is shorter
> than to 33611
> This seems to be the case for customers of Tiscali and L3, so this will
> probably get most of your traffic back to you...
>
> Regards,
> Ido
>>
>> -----Original Message-----
>> From: Kelvin Williams [mailto:kwilliams@altuscgi.com]
>> Sent: Tuesday, January 31, 2012 1:01 PM
>> To: nanog@nanog.org
>> Subject: Hijacked Network Ranges
>>
>> Greetings all.
>>
>> We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek Internet
>> Exchange) immediately filter out network blocks that are being advertised by
>> AS33611 (SBJ Media, LLC) who provided to them a forged LOA.
>>
>> The routes for networks: 208.110.48.0/20, 63.246.112.0/20, and
>> 68.66.112.0/20 are registered in various IRRs all as having an origin AS
>> 11325 (ours), and are directly allocated to us.
>>
>> The malicious hijacking is being announced as /24s therefore making route
>> selection pick them.
>>
>> Our customers and services have been impaired.  Does anyone have any
>> contacts for anyone at Cavecreek that would actually take a look at ARIN's
>> WHOIS, and IRRs so the networks can be restored and our services back in
>> operation?
>>
>> Additionally, does anyone have any suggestion for mitigating in the interim?
>> Since we can't announce as /25s and IRRs are apparently a pipe dream.
>>
>> --
>> Kelvin Williams
>> Sr. Service Delivery Engineer
>> Broadband & Carrier Services
>> Altus Communications Group, Inc.
>>
>
> "If you only have a hammer, you tend to see every problem as a nail." --
> Abraham Maslow
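
Added example, not part of the original thread: a Python sketch of the two points made above, that a /24 inside a registered /20 wins on prefix length regardless of AS-path, and that once the holder announces the same /24 the shorter AS-path decides. The route entries and the transit ASNs (64500-64503, documentation range) are constructed, and the selection logic is a simplification that ignores local-pref and other BGP attributes.

```python
import ipaddress

# Registered allocations and origin AS, as stated in the thread.
REGISTERED = {
    ipaddress.ip_network("208.110.48.0/20"): 11325,
    ipaddress.ip_network("63.246.112.0/20"): 11325,
    ipaddress.ip_network("68.66.112.0/20"): 11325,
}

def origin_mismatches(routes):
    """Return (prefix, origin, covering_block) for routes inside a registered
    block whose origin AS (last AS in the path) is not the registered one."""
    alerts = []
    for prefix, as_path in routes:
        net = ipaddress.ip_network(prefix)
        for block, owner in REGISTERED.items():
            if net.subnet_of(block) and as_path[-1] != owner:
                alerts.append((prefix, as_path[-1], str(block)))
    return alerts

def best_route(dest, routes):
    """Simplified selection: the longest matching prefix wins outright;
    AS-path length only breaks ties between routes for the same prefix."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), path) for p, path in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, path = max(matches, key=lambda m: (m[0].prefixlen, -len(m[1])))
    return str(net), path[-1]

def covering_24s(block):
    """The /24s a holder would announce to match a /24 hijack of `block`."""
    return [str(n) for n in ipaddress.ip_network(block).subnets(new_prefix=24)]

# Constructed view from one vantage point (prefix choice and paths are made up).
ROUTES_BEFORE = [
    ("208.110.48.0/20", [64500, 64501, 11325]),
    ("208.110.49.0/24", [64500, 64502, 64503, 33611]),
]
# Same view after the holder also announces the /24.
ROUTES_AFTER = ROUTES_BEFORE + [("208.110.49.0/24", [64500, 64501, 11325])]

if __name__ == "__main__":
    print(origin_mismatches(ROUTES_BEFORE))
    print(best_route("208.110.49.10", ROUTES_BEFORE))
    print(best_route("208.110.49.10", ROUTES_AFTER))
    print(len(covering_24s("208.110.48.0/20")), "x /24 per /20")
```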

