[157590] in North American Network Operators' Group
Re: Belpak / Beltelecom contact to address a BGP hijacking issue?
daemon@ATHENA.MIT.EDU (Sarah Nataf)
Tue Oct 30 04:21:33 2012
In-Reply-To: <CAJ0+aXa9JUKOwNRwmO7JN1ubjYX3uNOiYTRN+U1Kbk8freFwLg@mail.gmail.com>
Date: Tue, 30 Oct 2012 09:21:16 +0100
From: Sarah Nataf <sarah.nataf@gmail.com>
To: Anurag Bhatia <me@anuragbhatia.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi,
On Mon, Oct 29, 2012 at 7:03 PM, Anurag Bhatia <me@anuragbhatia.com> wrote:
> Seems like they are not advertising it anymore. AS6697 has transit from
> Level3 and peering/transit from HE. Both of them show path to AS3215 for
> that prefix now.
Yes, seems that the annoucement stopped yesterday, after 5 days:
Origin AS First Seen Last Seen
AS3215 2012-10-28 17:32:51 UTC 2012-10-30 07:00:20 UTC
AS6697 2012-10-24 09:28:20 UTC 2012-10-29 12:18:10 UTC
AS5396 2012-10-24 09:17:58 UTC 2012-10-24 09:17:58 UTC
Anyway, as we couldn't reach anyone from Belpak, not sure how the
issue was solved. So I think we'll let the 2.2.2.0/24 a few days more
(usually only the 2.2.0.0/16 is advertised by AS3215... but the
2.2.2.0/24 prefix is so often subject to hijacking that we might
permanently add this /24 as well).
--
sarah