[170624] in North American Network Operators' Group
Re: BGPMON Alert Questions
daemon@ATHENA.MIT.EDU (Bryan Tong)
Wed Apr 2 16:06:14 2014
In-Reply-To: <000c01cf4ea8$57623580$0626a080$@iname.com>
Date: Wed, 2 Apr 2014 13:51:00 -0600
From: Bryan Tong <contact@nullivex.com>
To: Frank Bulk <frnkblk@iname.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Another 5 of ours just got hit.
Anyone have any ideas on what will be done about it?
On Wed, Apr 2, 2014 at 1:18 PM, Frank Bulk <frnkblk@iname.com> wrote:
> bgpmon has tweeted that "We're currently observing a large hijack event.
> Indosat AS4761 originating many prefixes not assigned to them."
>
> Let's hope that AS4651 can quickly apply filters.
>
> Frank
>
> -----Original Message-----
> From: David Hubbard [mailto:dhubbard@dino.hostasaurus.com]
> Sent: Wednesday, April 02, 2014 2:03 PM
> To: Joseph Jenkins; nanog@nanog.org
> Subject: RE: BGPMON Alert Questions
>
> If you contact bgpmon support you may be able to get some more in-depth
> information. I've contacted them before with alerts like those and they
> were able to give me specific date, time, ASN and interface information
> about the peering points that received the announcements; that might
> help make you present to the suspect party more likely to be acted upon.
>
> -----Original Message-----
> From: Joseph Jenkins [mailto:joe@breathe-underwater.com]
> Sent: Wednesday, April 02, 2014 2:52 PM
> To: nanog@nanog.org
> Subject: BGPMON Alert Questions
>
> So I setup BGPMON for my prefixes and got an alert about someone in
> Thailand announcing my prefix. Everything looks fine to me and I've
> checked a bunch of different Looking Glasses and everything announcing
> correctly.
>
> I am assuming I should be contacting the provider about their
> misconfiguration and announcing my prefixes and get them to fix it. Any
> other recommendations?
>
> Is there a way I can verify what they are announcing just to make sure
> they are still doing it?
>
> Here is the alert for reference:
>
> Your prefix: 8.37.93.0/24:
>
> Update time: 2014-04-02 18:26 (UTC)
>
> Detected by #peers: 2
>
> Detected prefix: 8.37.93.0/24
>
> Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
> Provider,ID)
>
> Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority
> of
> Thailand(CAT),TH)
>
> ASpath: 18356 9931 4651 4761
>
>
>
>
>
>
>
--
eSited LLC
(701) 390-9638
